calibre
Products
2- 11 CVEs
- 0 CVEs
Recent CVEs
11| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-6782 | Cri | 0.66 | 9.8 | 0.83 | Aug 6, 2024 | Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution. | ||
| CVE-2011-4125 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2021 | A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. | ||
| CVE-2011-4124 | Cri | 0.64 | 9.8 | 0.02 | Oct 27, 2021 | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. | ||
| CVE-2025-64486 | Cri | 0.60 | — | 0.00 | Nov 8, 2025 | calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be… | ||
| CVE-2011-4126 | Hig | 0.53 | 8.1 | 0.01 | Oct 27, 2021 | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. | ||
| CVE-2023-46303 | Hig | 0.49 | 7.5 | 0.01 | Oct 22, 2023 | link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. | ||
| CVE-2021-44686 | Hig | 0.49 | 7.5 | 0.05 | Dec 7, 2021 | calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. | ||
| CVE-2016-10187 | Med | 0.29 | 5.5 | 0.03 | Mar 16, 2017 | The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. | ||
| CVE-2024-6781 | Hig | 0.05 | 7.5 | 0.63 | Aug 6, 2024 | Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read. | ||
| CVE-2024-7008 | Med | 0.02 | 5.4 | 0.24 | Aug 6, 2024 | Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. | ||
| CVE-2024-7009 | Med | 0.01 | 4.2 | 0.14 | Aug 6, 2024 | Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. |
- risk 0.66cvss 9.8epss 0.83
Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.
- risk 0.64cvss 9.8epss 0.02
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
- risk 0.64cvss 9.8epss 0.02
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
- risk 0.60cvss —epss 0.00
calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be…
- risk 0.53cvss 8.1epss 0.01
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
- risk 0.49cvss 7.5epss 0.01
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
- risk 0.49cvss 7.5epss 0.05
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
- risk 0.29cvss 5.5epss 0.03
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
- risk 0.05cvss 7.5epss 0.63
Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.
- risk 0.02cvss 5.4epss 0.24
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
- risk 0.01cvss 4.2epss 0.14
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.