Search criteria
15 vulnerabilities by calibre-ebook
CVE-2026-26065 (GCVE-0-2026-26065)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:54 – Updated: 2026-02-20 16:41
VLAI?
Title
calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution
Summary
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kovidgoyal | calibre |
Affected:
< 9.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26065",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T16:41:04.261516Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T16:41:32.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in \u0027wb\u0027 mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:54:03.128Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8"
}
],
"source": {
"advisory": "GHSA-vmfh-7mr7-pp2w",
"discovery": "UNKNOWN"
},
"title": "calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26065",
"datePublished": "2026-02-20T01:54:03.128Z",
"dateReserved": "2026-02-10T18:01:31.900Z",
"dateUpdated": "2026-02-20T16:41:32.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-26064 (GCVE-0-2026-26064)
Vulnerability from cvelistv5 – Published: 2026-02-20 01:44 – Updated: 2026-02-20 15:34
VLAI?
Title
calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution
Summary
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith('Pictures'), and does not sanitize '..' sequences. calibre's own ZipFile.extractall() in utils/zipfile.py does sanitize '..' via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0.
Severity ?
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kovidgoyal | calibre |
Affected:
< 9.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-26064",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-20T15:29:11.225512Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T15:34:24.625Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. Function extract_pictures only checks startswith(\u0027Pictures\u0027), and does not sanitize \u0027..\u0027 sequences. calibre\u0027s own ZipFile.extractall() in utils/zipfile.py does sanitize \u0027..\u0027 via _get_targetpath(), but extract_pictures() bypasses this by using manual zf.read() + open(). This issue has been fixed in version 9.3.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T01:44:34.137Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-72ch-3hqc-pgmp"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/e1b5f9b45a5e8fa96c136963ad9a1d35e6adac62"
}
],
"source": {
"advisory": "GHSA-72ch-3hqc-pgmp",
"discovery": "UNKNOWN"
},
"title": "calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-26064",
"datePublished": "2026-02-20T01:44:34.137Z",
"dateReserved": "2026-02-10T18:01:31.900Z",
"dateUpdated": "2026-02-20T15:34:24.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25731 (GCVE-0-2026-25731)
Vulnerability from cvelistv5 – Published: 2026-02-06 20:14 – Updated: 2026-02-06 21:02
VLAI?
Title
Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export
Summary
calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre's Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0.
Severity ?
7.8 (High)
CWE
- CWE-1336 - Improper Neutralization of Special Elements Used in a Template Engine
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kovidgoyal | calibre |
Affected:
< 9.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25731",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T21:01:31.473045Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T21:02:01.147Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is an e-book manager. Prior to 9.2.0, a Server-Side Template Injection (SSTI) vulnerability in Calibre\u0027s Templite templating engine allows arbitrary code execution when a user converts an ebook using a malicious custom template file via the --template-html or --template-html-index command-line options. This vulnerability is fixed in 9.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1336",
"description": "CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:14:35.822Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-xrh9-w7qx-3gcc"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/f0649b27512e987b95fcab2e1e0a3bcdafc23379"
}
],
"source": {
"advisory": "GHSA-xrh9-w7qx-3gcc",
"discovery": "UNKNOWN"
},
"title": "Calibre Affected by Arbitrary Code Execution via Server-Side Template Injection in Calibre HTML Export"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25731",
"datePublished": "2026-02-06T20:14:35.822Z",
"dateReserved": "2026-02-05T16:48:00.427Z",
"dateUpdated": "2026-02-06T21:02:01.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25635 (GCVE-0-2026-25635)
Vulnerability from cvelistv5 – Published: 2026-02-06 20:10 – Updated: 2026-02-11 14:54
VLAI?
Title
calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution
Summary
calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
Severity ?
8.6 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kovidgoyal | calibre |
Affected:
< 9.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:20:48.529881Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:28:06.665Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-11T14:54:23.143Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://0x5t.raptx.org/posts/calibre-chm-rce"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is an e-book manager. Prior to 9.2.0, Calibre\u0027s CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven\u0027t tested on other OS\u0027s), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:10:29.839Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9"
}
],
"source": {
"advisory": "GHSA-32vh-whvh-9fxr",
"discovery": "UNKNOWN"
},
"title": "calibre has a Path Traversal Leading to Arbitrary File Write and Potential Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25635",
"datePublished": "2026-02-06T20:10:29.839Z",
"dateReserved": "2026-02-04T05:15:41.790Z",
"dateUpdated": "2026-02-11T14:54:23.143Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-25636 (GCVE-0-2026-25636)
Vulnerability from cvelistv5 – Published: 2026-02-06 20:07 – Updated: 2026-02-11 14:51
VLAI?
Title
calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution
Summary
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
Severity ?
8.2 (High)
CWE
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| kovidgoyal | calibre |
Affected:
< 9.2.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-25636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-09T15:19:25.611213Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-09T15:28:11.765Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-02-11T14:51:19.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://0x5t.raptx.org/posts/calibre-epub-rce"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"status": "affected",
"version": "\u003c 9.2.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre\u0027s EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-73",
"description": "CWE-73: External Control of File Name or Path",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T20:07:40.529Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726"
}
],
"source": {
"advisory": "GHSA-8r26-m7j5-hm29",
"discovery": "UNKNOWN"
},
"title": "calibre has a Path Traversal Leading to Arbitrary File Corruption and Code Execution"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-25636",
"datePublished": "2026-02-06T20:07:40.529Z",
"dateReserved": "2026-02-04T05:15:41.790Z",
"dateUpdated": "2026-02-11T14:51:19.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-7009 (GCVE-0-2024-7009)
Vulnerability from cvelistv5 – Published: 2024-08-06 03:40 – Updated: 2024-08-06 13:37
VLAI?
Title
Calibre SQL Injection
Summary
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
Severity ?
4.2 (Medium)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Devesh Logendran of STAR Labs SG Pte. Ltd. (@starlabs_sg)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:kovidgoyal:calibre:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "calibre",
"vendor": "kovidgoyal",
"versions": [
{
"lessThanOrEqual": "7.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7009",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T13:15:35.411350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T13:37:59.031Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Calibre",
"repo": "https://github.com/kovidgoyal/calibre",
"vendor": "Calibre",
"versions": [
{
"status": "affected",
"version": "7.15.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Devesh Logendran of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u0026nbsp;Unsanitized user-input in Calibre \u0026lt;= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database."
}
],
"value": "Unsanitized user-input in Calibre \u003c= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database."
}
],
"impacts": [
{
"capecId": "CAPEC-66",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-66 SQL Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T03:40:33.075Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/24/24-7009/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Calibre SQL Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2024-7009",
"datePublished": "2024-08-06T03:40:33.075Z",
"dateReserved": "2024-07-23T03:50:21.540Z",
"dateUpdated": "2024-08-06T13:37:59.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7008 (GCVE-0-2024-7008)
Vulnerability from cvelistv5 – Published: 2024-08-06 03:40 – Updated: 2024-08-08 15:35
VLAI?
Title
Calibre Reflected Cross-Site Scripting (XSS)
Summary
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Devesh Logendran of STAR Labs SG Pte. Ltd. (@starlabs_sg)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:calibre:calibre:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "calibre",
"vendor": "calibre",
"versions": [
{
"lessThanOrEqual": "7.15.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7008",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-08T15:34:54.001518Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-08T15:35:47.150Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Calibre",
"repo": "https://github.com/kovidgoyal/calibre",
"vendor": "Calibre",
"versions": [
{
"status": "affected",
"version": "7.15.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Devesh Logendran of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Unsanitized user-input in Calibre \u0026lt;= 7.15.0 allow attackers to perform reflected cross-site scripting."
}
],
"value": "Unsanitized user-input in Calibre \u003c= 7.15.0 allow attackers to perform reflected cross-site scripting."
}
],
"impacts": [
{
"capecId": "CAPEC-591",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-591 Reflected XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T03:40:01.147Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/24/24-7008/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Calibre Reflected Cross-Site Scripting (XSS)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2024-7008",
"datePublished": "2024-08-06T03:40:01.147Z",
"dateReserved": "2024-07-23T03:50:19.540Z",
"dateUpdated": "2024-08-08T15:35:47.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6781 (GCVE-0-2024-6781)
Vulnerability from cvelistv5 – Published: 2024-08-06 03:38 – Updated: 2024-08-06 14:49
VLAI?
Title
Calibre Arbitrary File Read
Summary
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Credits
Amos Ng (@LFlare) of STAR Labs SG Pte. Ltd. (@starlabs_sg)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:calibre:calibre:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "calibre",
"vendor": "calibre",
"versions": [
{
"status": "affected",
"version": "7.14.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6781",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-06T14:44:09.342810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T14:49:38.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Calibre",
"repo": "https://github.com/kovidgoyal/calibre/",
"vendor": "Calibre",
"versions": [
{
"status": "affected",
"version": "7.14.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Amos Ng (@LFlare) of STAR Labs SG Pte. Ltd. (@starlabs_sg)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Path traversal in Calibre \u0026lt;= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read."
}
],
"value": "Path traversal in Calibre \u003c= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read."
}
],
"impacts": [
{
"capecId": "CAPEC-139",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-139 Relative Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-06T03:38:45.309Z",
"orgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"shortName": "STAR_Labs"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://starlabs.sg/advisories/24/24-6781/"
},
{
"tags": [
"patch"
],
"url": "https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Calibre Arbitrary File Read",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "b1571b85-cbc9-431f-830b-0c8155323a69",
"assignerShortName": "STAR_Labs",
"cveId": "CVE-2024-6781",
"datePublished": "2024-08-06T03:38:45.309Z",
"dateReserved": "2024-07-16T03:02:26.032Z",
"dateUpdated": "2024-08-06T14:49:38.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-46303 (GCVE-0-2023-46303)
Vulnerability from cvelistv5 – Published: 2023-10-22 00:00 – Updated: 2025-11-04 16:10
VLAI?
Summary
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:10:39.079Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/0x1717/ssrf-via-img"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00005.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46303",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-16T13:24:03.127351Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-16T13:24:15.532Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-22T17:10:33.030Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/0x1717/ssrf-via-img"
},
{
"url": "https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-46303",
"datePublished": "2023-10-22T00:00:00.000Z",
"dateReserved": "2023-10-22T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:10:39.079Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-44686 (GCVE-0-2021-44686)
Vulnerability from cvelistv5 – Published: 2021-12-06 23:41 – Updated: 2025-11-04 16:09
VLAI?
Summary
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T16:09:27.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1951979"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dwisiswant0/advisory/issues/18"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0"
},
{
"name": "FEDORA-2021-e42fadbcc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00005.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-22T02:06:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1951979"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dwisiswant0/advisory/issues/18"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0"
},
{
"name": "FEDORA-2021-e42fadbcc3",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-44686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/calibre/+bug/1951979",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/calibre/+bug/1951979"
},
{
"name": "https://github.com/dwisiswant0/advisory/issues/18",
"refsource": "MISC",
"url": "https://github.com/dwisiswant0/advisory/issues/18"
},
{
"name": "https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0",
"refsource": "MISC",
"url": "https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0"
},
{
"name": "FEDORA-2021-e42fadbcc3",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-44686",
"datePublished": "2021-12-06T23:41:12.000Z",
"dateReserved": "2021-12-06T00:00:00.000Z",
"dateUpdated": "2025-11-04T16:09:27.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2011-4126 (GCVE-0-2011-4126)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:50 – Updated: 2024-08-07 00:01
VLAI?
Summary
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.489Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calibre",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:50:15.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-367"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"refsource": "MISC",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"name": "https://lwn.net/Articles/464824/",
"refsource": "MISC",
"url": "https://lwn.net/Articles/464824/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4126",
"datePublished": "2021-10-27T00:50:15.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:50.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4125 (GCVE-0-2011-4125)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:50 – Updated: 2024-08-07 00:01
VLAI?
Summary
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calibre",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:50:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-426"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"refsource": "MISC",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"name": "https://lwn.net/Articles/464824/",
"refsource": "MISC",
"url": "https://lwn.net/Articles/464824/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4125",
"datePublished": "2021-10-27T00:50:09.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:50.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4124 (GCVE-0-2011-4124)
Vulnerability from cvelistv5 – Published: 2021-10-27 00:50 – Updated: 2024-08-07 00:01
VLAI?
Summary
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:01:50.364Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Calibre",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "unknown"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-27T00:50:04.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lwn.net/Articles/464824/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-4124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calibre",
"version": {
"version_data": [
{
"version_value": "unknown"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/",
"refsource": "MISC",
"url": "https://git.zx2c4.com/calibre-mount-helper-exploit/about/"
},
{
"name": "https://www.openwall.com/lists/oss-security/2011/11/02/2",
"refsource": "MISC",
"url": "https://www.openwall.com/lists/oss-security/2011/11/02/2"
},
{
"name": "https://bugs.launchpad.net/calibre/+bug/885027",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/calibre/+bug/885027"
},
{
"name": "https://lwn.net/Articles/464824/",
"refsource": "MISC",
"url": "https://lwn.net/Articles/464824/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4124",
"datePublished": "2021-10-27T00:50:04.000Z",
"dateReserved": "2011-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:01:50.364Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7889 (GCVE-0-2018-7889)
Vulnerability from cvelistv5 – Published: 2018-03-08 21:00 – Updated: 2024-09-17 00:51
VLAI?
Summary
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1753870"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-08T21:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1753870"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/calibre/+bug/1753870",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/calibre/+bug/1753870"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d",
"refsource": "CONFIRM",
"url": "https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7889",
"datePublished": "2018-03-08T21:00:00.000Z",
"dateReserved": "2018-03-08T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:51:35.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10187 (GCVE-0-2016-10187)
Vulnerability from cvelistv5 – Published: 2017-03-16 15:00 – Updated: 2024-08-06 03:14
VLAI?
Summary
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:14:42.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1651728"
},
{
"name": "[oss-security] 20170129 Requesting CVE for calibre file disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/29/8"
},
{
"name": "[oss-security] 20170131 Re: Requesting CVE for calibre file disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c"
},
{
"name": "95909",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95909"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-01-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.launchpad.net/calibre/+bug/1651728"
},
{
"name": "[oss-security] 20170129 Requesting CVE for calibre file disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/29/8"
},
{
"name": "[oss-security] 20170131 Re: Requesting CVE for calibre file disclosure",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c"
},
{
"name": "95909",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95909"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/calibre/+bug/1651728",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/calibre/+bug/1651728"
},
{
"name": "[oss-security] 20170129 Requesting CVE for calibre file disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/29/8"
},
{
"name": "[oss-security] 20170131 Re: Requesting CVE for calibre file disclosure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2017/01/31/9"
},
{
"name": "https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c",
"refsource": "CONFIRM",
"url": "https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c"
},
{
"name": "95909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95909"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10187",
"datePublished": "2017-03-16T15:00:00.000Z",
"dateReserved": "2017-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-06T03:14:42.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}