MidnightBSD

Advisories for sigil-ebook

CVE-2019-14452 MEDIUM

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
sigil-ebook sigil *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
flightcrew_project flightcrew *