Vulnerabilities (CVE)

Filtered by vendor Flightcrew Project Subscribe
Filtered by product Flightcrew
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-14452 3 Canonical, Flightcrew Project, Sigil-ebook 3 Ubuntu Linux, Flightcrew, Sigil 2024-11-21 5.0 MEDIUM 7.5 HIGH
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE-2019-13241 2 Canonical, Flightcrew Project 2 Ubuntu Linux, Flightcrew 2024-11-21 6.8 MEDIUM 7.8 HIGH
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE-2019-13032 1 Flightcrew Project 1 Flightcrew 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.