CVE-2019-14452

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-14452
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14452.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-14452
Downstream
Related
Published
2019-07-31T02:15:10.977Z
Modified
2026-03-15T15:04:48.398425Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

References

Affected packages

Git / github.com/sigil-ebook/sigil

Affected ranges

Type
GIT
Repo
https://github.com/sigil-ebook/sigil
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5b867e569f5bd3f471ae71f2e301624069712896
Fixed
04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4
Fixed
0979ba8d10c96ebca330715bfd4494ea0e019a8f
Fixed
369eebe936e4a8c83cc54662a3412ce8bef189e4
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.9.16"
        }
    ]
}

Affected versions

0.*
0.4.1
0.4.2
0.5.0
0.5.1
0.5.2
0.5.3
0.6.0
0.6.1
0.6.2
0.7.0
0.7.1
0.7.2
0.7.3
0.7.4
0.8.0
0.8.1
0.8.2
0.8.3
0.8.4
0.8.900
0.8.901
0.9.0
0.9.1
0.9.10
0.9.11
0.9.12
0.9.13
0.9.14
0.9.15
0.9.2
0.9.3
0.9.4
0.9.5
0.9.6
0.9.7
0.9.8
0.9.9

Database specific

unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0.9.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "16.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "18.04"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.04"
            }
        ]
    }
]
vanir_signatures 
[
    {
        "id": "CVE-2019-14452-187fcff0",
        "signature_type": "Function",
        "target": {
            "file": "src/Misc/Utility.cpp",
            "function": "Utility::UnZip"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "182395217239051067566291634887819240475",
            "length": 1854.0
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f"
    },
    {
        "id": "CVE-2019-14452-2f067d2f",
        "signature_type": "Line",
        "target": {
            "file": "src/Importers/ImportEPUB.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "31778958674837530317474274569413477196",
                "293766748251520536127451115093031018929",
                "186608153893597571221016396297903165953",
                "51362202892592035626035691752460671402",
                "16726271138158705511880064410444150119"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4"
    },
    {
        "id": "CVE-2019-14452-36998d3d",
        "signature_type": "Line",
        "target": {
            "file": "src/sigil_exception.h"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "208043562837169991166544622942838125766",
                "326803285296918462666518107266371185255"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f"
    },
    {
        "id": "CVE-2019-14452-74de99f5",
        "signature_type": "Line",
        "target": {
            "file": "src/Misc/Utility.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "130891689586634692963401675223951984388",
                "102425373348876556544986942506246403476",
                "246863910420444580698523536143003827497",
                "122839018934126442639130559388211875848",
                "220896107346917495667970250931919460495"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f"
    },
    {
        "id": "CVE-2019-14452-8b14dd4a",
        "signature_type": "Function",
        "target": {
            "file": "src/Importers/ImportEPUB.cpp",
            "function": "ImportEPUB::ExtractContainer"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "159969796228099430892405562394044581018",
            "length": 2637.0
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4"
    },
    {
        "id": "CVE-2019-14452-94aa0873",
        "signature_type": "Line",
        "target": {
            "file": "src/BookManipulation/Book.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "91926295081885281339467081712180333814",
                "185102269791397197616450499299782208388",
                "222228852761138575611763980038136668554",
                "290716185337369713183669438939510716289"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/5b867e569f5bd3f471ae71f2e301624069712896"
    },
    {
        "id": "CVE-2019-14452-b9e751b0",
        "signature_type": "Line",
        "target": {
            "file": "src/Importers/ImportEPUB.cpp"
        },
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "102425373348876556544986942506246403476",
                "28814639375271858089318625073850188912",
                "170048157033856145625459111568499724887",
                "303191948746478850412054177509340011880"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4"
    },
    {
        "id": "CVE-2019-14452-f9f171b5",
        "signature_type": "Function",
        "target": {
            "file": "src/Importers/ImportEPUB.cpp",
            "function": "ImportEPUB::ExtractContainer"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "82493519203815772685487879984072479769",
            "length": 2563.0
        },
        "signature_version": "v1",
        "source": "https://github.com/sigil-ebook/sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4"
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14452.json"