--- a/part/part.cpp
+++ b/part/part.cpp
@@ -558,8 +558,15 @@ void Part::slotPreviewExtracted(KJob *jo
 if (!job->error()) {
 const ArchiveEntry& entry = m_model->entryForIndex(m_view->selectionModel()->currentIndex());
- const QString fullName =
- m_previewDir->name() + QLatin1Char( '/' ) + entry[ FileName ].toString();
+
+ QString fullName =
+ m_previewDir->name() + QLatin1Char('/') + entry[FileName].toString();
+
+ // Make sure a maliciously crafted archive with parent folders named ".." do
+ // not cause the previewed file path to be located outside the temporary
+ // directory, resulting in a directory traversal issue.
+ fullName.remove(QLatin1String("../"));
+
 ArkViewer::view(fullName, widget());
 } else {
 KMessageBox::error(widget(), job->errorString());