2 matches found
CVE-2025-64486
A vulnerability has been identified in Calibre. It does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitrary code executi...
CVE-2025-64486
Calibre (multiformat e‑book manager) is vulnerable in versions up to 8.13.0 due to improper validation of filenames when handling binary resources in FB2 files. This allows an attacker to write arbitrary files to the filesystem when viewing or converting a malicious FictionBook file, potentially ...