SB2019062909 - Multiple vulnerabilities in FlightCrew
Published: June 29, 2019 Updated: June 10, 2021
Description
This security bulletin contains information about 2 vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2019-13032)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in FlightCrew v0.9.2, within GetRelativePathToNcx() and GetRelativePathsToXhtmlDocuments() in xc::XMLUri::isValidURI(). A remote attacker can perform a denial of service (DoS) attack.
2) Path traversal (CVE-ID: CVE-2019-13241)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to an input validation error when processing directory traversal sequences in filenames while extracting data from ZIP archives. A remote attacker can trick the victim into opening a specially crafted archive and overwrite arbitrary files on the system.
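The check an extractor needs before writing any ZIP entry to disk, as an added example (not FlightCrew's code or the vendor's fix). The function name safe_entry_path and the sample entry names are assumptions constructed for illustration; the example also covers backslash separators and drive-qualified names, which goes slightly beyond the "../" case described above.

```cpp
#include <cctype>
#include <iostream>
#include <string>
#include <vector>

// Lexically resolve a ZIP entry name to a path relative to the extraction
// root. Returns false if the name is absolute, drive-qualified, contains a
// NUL byte, or uses ".." to climb above the root. On success `rel` holds
// the cleaned relative path with '/' separators.
bool safe_entry_path(const std::string& name, std::string& rel) {
    rel.clear();
    if (name.empty() || name.find('\0') != std::string::npos) return false;
    if (name[0] == '/' || name[0] == '\\') return false;       // absolute path
    if (name.size() >= 2 && name[1] == ':' &&
        std::isalpha(static_cast<unsigned char>(name[0])))
        return false;                                          // C:\... style

    std::vector<std::string> parts;
    std::string cur;
    for (std::size_t i = 0; i <= name.size(); ++i) {
        // Both separators count as boundaries: archives built on Windows
        // may carry backslashes, and some extractors honour them.
        if (i == name.size() || name[i] == '/' || name[i] == '\\') {
            if (cur == "..") {
                if (parts.empty()) return false;               // escapes the root
                parts.pop_back();
            } else if (!cur.empty() && cur != ".") {
                parts.push_back(cur);
            }
            cur.clear();
        } else {
            cur += name[i];
        }
    }
    if (parts.empty()) return false;          // resolves to the root itself
    for (std::size_t i = 0; i < parts.size(); ++i) {
        if (i) rel += '/';
        rel += parts[i];
    }
    return true;
}

int main() {
    // Constructed entry names, as read from an archive's central directory.
    const std::vector<std::string> names = {
        "OEBPS/Text/ch1.xhtml", "OEBPS/./Images/../Text/ch1.xhtml",
        "OEBPS/../../outside.txt", "..\\outside.txt", "/tmp/outside.txt"};
    std::string rel;
    for (const auto& n : names)
        std::cout << n << " -> " << (safe_entry_path(n, rel) ? rel : "REJECTED") << "\n";
}
```

The check is purely lexical: it does not account for symbolic links already present under the extraction root, so an extractor should also refuse to write through links.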
Remediation
Install the update from the vendor's website.
References
- https://github.com/Sigil-Ebook/flightcrew/issues/53
- https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3/
- https://github.com/Sigil-Ebook/flightcrew/issues/52
- https://salvatoresecurity.com/fun-with-fuzzers-how-i-discovered-three-vulnerabilities-part-3-of-3/