Calibre Security Vulnerabilities and Issues — Calibre CVE List

Lucene search

Calibre-ebookCalibre

5 matches found

cve•added 2023/10/22 6:15 p.m.•82 views

CVE-2023-46303

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

7.5CVSS7.5AI score0.00533EPSS

cve•added 2018/03/08 9:29 p.m.•78 views

CVE-2018-7889

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

7.8CVSS7.7AI score0.0332EPSS

cve•added 2021/12/07 12:15 a.m.•76 views

CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

7.5CVSS7.3AI score0.00884EPSS

cve•added 2024/08/06 4:16 a.m.•43 views

CVE-2024-6781

Path traversal in Calibre

7.5CVSS7.7AI score0.93624EPSS

cve•added 2024/08/06 4:16 a.m.•27 views

CVE-2024-7009

Unsanitized user-input in Calibre

7.1CVSS5.2AI score0.00259EPSS