Sigil before 0.9.16 is vulnerable to directory traversal (CVE-2019-14452): a ZIP archive entry whose name contains ../ (dot dot slash) is mishandled during extraction, allowing attackers to write arbitrary files outside the intended extraction directory.
[
{
"signature_version": "v1",
"target": {
"file": "src/Misc/Utility.cpp",
"function": "Utility::UnZip"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f",
"id": "CVE-2019-14452-187fcff0",
"signature_type": "Function",
"digest": {
"function_hash": "182395217239051067566291634887819240475",
"length": 1854.0
}
},
{
"signature_version": "v1",
"target": {
"file": "src/sigil_exception.h"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f",
"id": "CVE-2019-14452-36998d3d",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"208043562837169991166544622942838125766",
"326803285296918462666518107266371185255"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "src/Misc/Utility.cpp"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8f",
"id": "CVE-2019-14452-74de99f5",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"130891689586634692963401675223951984388",
"102425373348876556544986942506246403476",
"246863910420444580698523536143003827497",
"122839018934126442639130559388211875848",
"220896107346917495667970250931919460495"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "src/BookManipulation/Book.cpp"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/5b867e569f5bd3f471ae71f2e301624069712896",
"id": "CVE-2019-14452-94aa0873",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"91926295081885281339467081712180333814",
"185102269791397197616450499299782208388",
"222228852761138575611763980038136668554",
"290716185337369713183669438939510716289"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "src/Importers/ImportEPUB.cpp"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4",
"id": "CVE-2019-14452-b9e751b0",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"102425373348876556544986942506246403476",
"28814639375271858089318625073850188912",
"170048157033856145625459111568499724887",
"303191948746478850412054177509340011880"
]
}
},
{
"signature_version": "v1",
"target": {
"file": "src/Importers/ImportEPUB.cpp",
"function": "ImportEPUB::ExtractContainer"
},
"deprecated": false,
"source": "https://github.com/sigil-ebook/sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4",
"id": "CVE-2019-14452-f9f171b5",
"signature_type": "Function",
"digest": {
"function_hash": "82493519203815772685487879984072479769",
"length": 2563.0
}
}
]