CVE-2019-14452

Published: Jul 31, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505967936

x_refsource_MISC

https://github.com/Sigil-Ebook/flightcrew/issues/52#issuecomment-505997355

x_refsource_MISC

https://github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4

x_refsource_MISC

https://github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4

x_refsource_MISC

https://github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f

x_refsource_MISC

https://github.com/Sigil-Ebook/Sigil/releases/tag/0.9.16

x_refsource_MISC

https://github.com/Sigil-Ebook/Sigil/compare/ea7f27d...5b867e5

x_refsource_MISC

USN-4085-1

vendor-advisory

x_refsource_UBUNTU

https://salvatoresecurity.com/zip-slip-in-sigil-cve-2019-14452/

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-14452

Description

Affected Products

References