CVE-2019-14452 (retired)

Priority
Description
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing
attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP
archive entry that is mishandled during extraction.
Ubuntu-Description
Mike Salvatore discovered that Sigil mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files to the
filesystem.
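An added example, not Sigil's code or the upstream fix: a pre-extraction check that lists the entries of an EPUB (a ZIP container) whose names would resolve outside the extraction directory. The function names, the destination path and the sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_entries(archive, dest="/tmp/epub_out"):
    """Return the names of ZIP entries that would land outside dest.

    dest is a hypothetical extraction directory; nothing is written to disk.
    """
    root = posixpath.normpath(dest)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for name in zf.namelist():
            # ZIP names use '/', but treat '\' as a separator too, because
            # some extractors honour it when building the output path.
            norm = name.replace("\\", "/")
            # join() discards root when norm is absolute, and normpath()
            # collapses "..", so target is where the entry would be written.
            target = posixpath.normpath(posixpath.join(root, norm))
            if target != root and not target.startswith(root + "/"):
                bad.append(name)
    return bad


def build_sample(names):
    """Build a constructed in-memory archive with the given entry names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"x")
    buf.seek(0)
    return buf


# Constructed sample: three entries that stay inside dest, two that do not.
SAMPLE_NAMES = [
    "mimetype",
    "OEBPS/content.opf",
    "OEBPS/../toc.ncx",      # contains ".." but still resolves inside dest
    "../../outside.txt",     # dot dot slash traversal
    "/abs/outside.txt",      # absolute path
]

if __name__ == "__main__":
    for entry in unsafe_entries(build_sample(SAMPLE_NAMES)):
        print("rejecting entry:", entry)
```

An extractor that rejects the whole archive when this list is non-empty never builds an output path from an untrusted entry name.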
Package
Source: sigil (LP Ubuntu Debian)
Upstream: released (0.9.16)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (0.9.5+dfsg-0ubuntu1+esm1)
Ubuntu 18.04 LTS (Bionic Beaver): released (0.9.9+dfsg-1ubuntu0.1~esm1)
Ubuntu 19.04 (Disco Dingo): released (0.9.13+dfsg-1ubuntu0.1)
Ubuntu 19.10 (Eoan): released (0.9.14+dfsg-1ubuntu1)
More Information

Updated: 2019-08-14 14:15:53 UTC (commit b248f28b2baec34efa2d1f7c325411e21dec9937)