CVE-2019-13032

Published: 28 June 2019

An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.

From the Ubuntu security team

Mike Salvatore discovered that FlightCrew improperly handled certain malformed EPUB files. An attacker could potentially use this vulnerability to cause a denial of service.

Priority

CVSS 3 base score: 5.5

Status

Package	Release	Status
flightcrew Launchpad, Ubuntu, Debian	Upstream	Needed



	Ubuntu 18.04 LTS (Bionic Beaver)	Released (0.7.2+dfsg-10ubuntu0.1)
	Ubuntu 16.04 LTS (Xenial Xerus)	Released (0.7.2+dfsg-6ubuntu0.1)
	Ubuntu 14.04 ESM (Trusty Tahr)	Does not exist

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931246

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM