Sigil-Ebook/flightcrew

Sigil-Ebook/flightcrew

Releases5

Frequency1 year 11 months

Last Release almost 7 years ago

Stars36

Automatically exported from code.google.com/p/flightcrew

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2019-14452 ↗	Jul 31, 2019Wednesday, 31 July 2019, 02:15	—	5 MEDIUM
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE-2019-13241 ↗	Jul 4, 2019Thursday, 4 July 2019, 15:15	7.8 HIGH	6.8 MEDIUM
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVE-2019-13032 ↗	Jun 28, 2019Friday, 28 June 2019, 23:15	—	4.3 MEDIUM
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.