calibre-ebook calibre vulnerabilities and exploits

(subscribe to this query)

10

CVSSv2

A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

Calibre-ebook Calibre -

4.3

CVSSv2

The E-book viewer in calibre prior to 2.75 allows remote malicious users to read arbitrary files via a crafted epub file with JavaScript.

Calibre-ebook Calibre

NA

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre prior to 6.19.0 can, by default, add resources outside of the document root.

Calibre-ebook Calibre

1 Github repository

10

CVSSv2

Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

Calibre-ebook Calibre -

9.3

CVSSv2

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

Calibre-ebook Calibre -

6.8

CVSSv2

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote malicious users to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

Calibre-ebook Calibre 3.18.0

5

CVSSv2

calibre prior to 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

Calibre-ebook Calibre Fedoraproject Fedora 34

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook