High severity7.5NVD Advisory· Published Jul 31, 2019· Updated Jun 17, 2026
CVE-2019-14452
CVE-2019-14452
Description
Sigil before 0.9.16 is vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Sigil/Sigildescription
- Range: <0.9.16
Patches
Vulnerability mechanics
References
9- github.com/Sigil-Ebook/Sigil/commit/04e2f280cc4a0766bedcc7b9eb56449ceecc2ad4nvdPatchThird Party Advisory
- github.com/Sigil-Ebook/Sigil/commit/0979ba8d10c96ebca330715bfd4494ea0e019a8fnvdPatchThird Party Advisory
- github.com/Sigil-Ebook/Sigil/commit/369eebe936e4a8c83cc54662a3412ce8bef189e4nvdPatchThird Party Advisory
- github.com/Sigil-Ebook/Sigil/compare/ea7f27d...5b867e5nvdThird Party Advisory
- github.com/Sigil-Ebook/Sigil/releases/tag/0.9.16nvdRelease NotesThird Party Advisory
- github.com/Sigil-Ebook/flightcrew/issues/52nvdThird Party Advisory
- github.com/Sigil-Ebook/flightcrew/issues/52nvdThird Party Advisory
- usn.ubuntu.com/4085-1/nvdThird Party Advisory
- salvatoresecurity.com/zip-slip-in-sigil-cve-2019-14452/nvd
News mentions
0No linked articles in our index yet.