An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library.
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Flightcrew | Flightcrew_project | * | 0.9.2 (including) |
| Flightcrew | Ubuntu | bionic | * |
| Flightcrew | Ubuntu | cosmic | * |
| Flightcrew | Ubuntu | devel | * |
| Flightcrew | Ubuntu | disco | * |
| Flightcrew | Ubuntu | esm-apps/bionic | * |
| Flightcrew | Ubuntu | esm-apps/xenial | * |
| Flightcrew | Ubuntu | trusty | * |
| Flightcrew | Ubuntu | upstream | * |
| Flightcrew | Ubuntu | xenial | * |
Potential Mitigations
References
- https://github.com/Sigil-Ebook/flightcrew/issues/53
- https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3/
- https://usn.ubuntu.com/4055-1/
- https://github.com/Sigil-Ebook/flightcrew/issues/53
- https://salvatoresecurity.com/fun-with-fuzzers-or-how-i-discovered-three-vulnerabilities-part-1-of-3/
- https://usn.ubuntu.com/4055-1/