Vulnerability Description
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flightcrew Project | Flightcrew | <= 0.9.2 |
Related Weaknesses (CWE)
References
- https://github.com/Sigil-Ebook/flightcrew/issues/53Issue TrackingThird Party Advisory
- https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnera
- https://usn.ubuntu.com/4055-1/
- https://github.com/Sigil-Ebook/flightcrew/issues/53Issue TrackingThird Party Advisory
- https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnera
- https://usn.ubuntu.com/4055-1/
FAQ
What is CVE-2019-13032?
CVE-2019-13032 is a vulnerability with a CVSS score of 5.5 (MEDIUM). An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri:...
How severe is CVE-2019-13032?
CVE-2019-13032 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-13032?
Check the references section above for vendor advisories and patch information. Affected products include: Flightcrew Project Flightcrew.