Search CVE reports
1 – 3 of 3 results
CVE-2019-13453
Medium priorityZipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile().
2 affected packages
flightcrew, zipios++
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| flightcrew | — | — | — | Fixed | Fixed |
| zipios++ | — | — | — | Fixed | Fixed |
CVE-2019-13241
Medium priorityFlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
1 affected package
flightcrew
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| flightcrew | — | — | — | Fixed | Fixed |
CVE-2019-13032
Low priorityAn issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects...
1 affected package
flightcrew
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| flightcrew | — | — | — | Fixed | Fixed |