3 matches found
CVE-2019-13032
CVE-2019-13032 affects FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(), impacting third‑party software that uses FlightCrew as a library. Connected advisories...
CVE-2019-13241
FlightCrew v0.9.2 and older are affected by CVE-2019-13241 (directory traversal: can write arbitrary files via a ../ in a ZIP entry during extraction). Mageia advisories and Ubuntu USN entries also reference CVE-2019-13241 and confirm that updates fix these flaws; CVE-2019-13032 is a NULL pointer...
CVE-2019-14452
Sigil up to version 0.9.16 is affected by a directory traversal vulnerability that lets an attacker place arbitrary files by a crafted ZIP entry during extraction. Multiple sources (NVD/NIST, Mageia MGASA-2019-0249, Ubuntu USN-4085-1, OSV entries) confirm the issue and indicate the root cause is ...