CVE-2019-13032 — NULL Pointer Dereference in Flightcrew

CWE-476 — NULL Pointer Dereference9 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 63.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Flightcrew Project Flightcrew Debian Flightcrew

Timeline

PublishedJun 28

Latest updateMay 24

Description

An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/flightcrew< flightcrew 0.7.2+dfsg-14 (bookworm)

▶Debianflightcrew_project/flightcrew< 0.7.2+dfsg-14+3

▶Ubuntuflightcrew_project/flightcrew< 0.7.2+dfsg-6ubuntu0.1+1

▶NVDflightcrew_project/flightcrew0.9.2

🔴Vulnerability Details

GHSA

GHSA-qg8h-9c83-r4h2: An issue was discovered in FlightCrew v0↗2022-05-24

▶

OSV

flightcrew vulnerabilities↗2019-07-15

▶

OSV

CVE-2019-13032: An issue was discovered in FlightCrew v0↗2019-06-28

▶

📋Vendor Advisories

Ubuntu

flightcrew vulnerabilities↗2019-07-15

▶

Debian

CVE-2019-13032: flightcrew - An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer derefer...↗2019

▶

💬Community

Bugzilla

CVE-2019-13032 FlightCrew: null-pointer dereference in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments [fedora-all]↗2019-07-10

▶

Bugzilla

CVE-2019-13032 flightcrew: null-pointer dereference in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments↗2019-07-10

▶

Bugzilla

CVE-2019-13032 FlightCrew: null-pointer dereference in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments [epel-7]↗2019-07-10

▶