Joran Herve discovered that the Okular document viewer was susceptible to directory traversal via malformed .okular files , which could result in the creation of arbitrary files.