CVE-2019-14452

Name of the Vulnerable Software and Affected Versions Sigil versions prior to 0.9.16

Description The issue exists due to incorrect restriction of the path name to a directory with limited access. This can be exploited by a remote attacker to write arbitrary files to any directory. The vulnerability is related to a directory traversal issue, where attackers can write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction.

Recommendations For versions prior to 0.9.16, update to version 0.9.16 or later to resolve the issue. As a temporary workaround, consider restricting access to ZIP archive entries to minimize the risk of exploitation. Avoid using the vulnerable software to extract ZIP archives from untrusted sources until the issue is resolved.