Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| sigil-ebook | sigil | * |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 19.04 |
| canonical | ubuntu_linux | 18.04 |
| flightcrew_project | flightcrew | * |