Calibre Ebook Calibre
By the Year
In 2024 there have been 0 vulnerabilities in Calibre Ebook Calibre. Last year Calibre had 1 security vulnerability published. Right now, Calibre is on track to have fewer security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 1 | 7.50 |
2022 | 0 | 0.00 |
2021 | 4 | 8.80 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.80 |
It may take a day or so for new Calibre vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Calibre Ebook Calibre Security Vulnerabilities
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0
CVE-2023-46303
7.5 - High
- October 22, 2023
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
XSPA
calibre before 5.32.0 contains a regular expression
CVE-2021-44686
7.5 - High
- December 07, 2021
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
Resource Exhaustion
Race condition issues were found in Calibre at devices/linux_mount_helper.c
CVE-2011-4126
8.1 - High
- October 27, 2021
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
TOCTTOU
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
CVE-2011-4125
9.8 - Critical
- October 27, 2021
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
Untrusted Path
Input validation issues were found in Calibre at devices/linux_mount_helper.c
CVE-2011-4124
9.8 - Critical
- October 27, 2021
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
Improper Input Validation
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code
CVE-2018-7889
7.8 - High
- March 08, 2018
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Marshaling, Unmarshaling