calibre-ebook calibre - vulnerabilities and exploits

(subscribe to this query)

5.5

CVSSv3

The E-book viewer in calibre prior to 2.75 allows remote malicious users to read arbitrary files via a crafted epub file with JavaScript.

Calibre-ebook Calibre

7.5

CVSSv3

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre prior to 6.19.0 can, by default, add resources outside of the document root.

Calibre-ebook Calibre

1 Github repository

9.8

CVSSv3

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

Calibre-ebook Calibre -

9.8

CVSSv3

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

Calibre-ebook Calibre -

8.1

CVSSv3

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

Calibre-ebook Calibre -

7.8

CVSSv3

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote malicious users to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

Calibre-ebook Calibre 3.18.0

7.5

CVSSv3

calibre prior to 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

Calibre-ebook Calibre Fedoraproject Fedora 34

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook