RSS   Vulnerabilities for 'Flightcrew'   RSS

2019-07-30
 
CVE-2019-14452

CWE-22
 

 
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

 
2019-07-04
 
CVE-2019-13241

CWE-20
 

 
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

 
2019-06-28
 
CVE-2019-13032

CWE-476
 

 
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.

 


Copyright 2024, cxsecurity.com

 

Back to Top