Published: 28 June 2019
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
From the Ubuntu security team
Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service.
CVSS 3 base score: 5.5