{"id":"USN-4055-1","summary":"flightcrew vulnerabilities","details":"Mike Salvatore discovered that FlightCrew improperly handled certain\nmalformed EPUB files. An attacker could potentially use this vulnerability\nto cause a denial of service. (CVE-2019-13032)\n\nMike Salvatore discovered that FlightCrew mishandled certain malformed EPUB\nfiles. An attacker could use this vulnerability to write arbitrary files to\nthe filesystem. (CVE-2019-13241)\n\nMike Salvatore discovered that the version of Zipios included in FlightCrew\nmishandled certain malformed ZIP files. An attacker could use this vulnerability\nto cause a denial of service or consume system resources. (CVE-2019-13453)\n","modified":"2026-04-22T10:00:22.830781Z","published":"2019-07-15T13:42:14Z","related":["UBUNTU-CVE-2019-13032","UBUNTU-CVE-2019-13241","UBUNTU-CVE-2019-13453"],"upstream":["CVE-2019-13032","CVE-2019-13241","CVE-2019-13453","UBUNTU-CVE-2019-13032","UBUNTU-CVE-2019-13241","UBUNTU-CVE-2019-13453"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4055-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13032"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13241"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-13453"}],"affected":[{"package":{"name":"flightcrew","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/flightcrew@0.7.2+dfsg-6ubuntu0.1?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.2+dfsg-6ubuntu0.1"}]}],"versions":["0.7.2+dfsg-2","0.7.2+dfsg-3","0.7.2+dfsg-4","0.7.2+dfsg-5","0.7.2+dfsg-6"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"flightcrew","binary_version":"0.7.2+dfsg-6ubuntu0.1"},{"binary_name":"libflightcrew0v5","binary_version":"0.7.2+dfsg-6ubuntu0.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-13032"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13241"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13453"}],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4055-1.json"}},{"package":{"name":"flightcrew","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/flightcrew@0.7.2+dfsg-10ubuntu0.1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.7.2+dfsg-10ubuntu0.1"}]}],"versions":["0.7.2+dfsg-9","0.7.2+dfsg-9build1","0.7.2+dfsg-9build2","0.7.2+dfsg-10"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"flightcrew","binary_version":"0.7.2+dfsg-10ubuntu0.1"},{"binary_name":"libflightcrew0v5","binary_version":"0.7.2+dfsg-10ubuntu0.1"}]},"database_specific":{"cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"low","type":"Ubuntu"}],"id":"CVE-2019-13032"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13241"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-13453"}],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4055-1.json"}}],"schema_version":"1.7.5"}