Flightcrew Project: >> Flightcrew >> 0.9.1 Security Vulnerabilities
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVSS Score
7.8
EPSS Score
0.009
Published
2019-07-04
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
CVSS Score
5.5
EPSS Score
0.002
Published
2019-06-28