CVE-2019-13032
MEDIUMFlightCrew < 0.9.2 - NULL Pointer Dereference in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments()
Title source: llmDescription
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/Sigil-Ebook/flightcrew/issues/53
Various Sources x_refsource_misc
https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3/
Vendor Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4055-1/
Scores
CVSS v3
5.5
EPSS
0.0101
EPSS Percentile
58.7%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
flightcrew_project/flightcrew
< 0.9.2
Published
Jun 28, 2019
Tracked Since
Feb 18, 2026