VYPR
Vendor

calibre

Products
2
CVEs
11
Across products
11
Status
Private

Products

2

Recent CVEs

11
  • CVE-2024-6782CriAug 6, 2024
    risk 0.66cvss 9.8epss 0.83

    Improper access control in Calibre 6.9.0 ~ 7.14.0 allow unauthenticated attackers to achieve remote code execution.

  • CVE-2011-4125CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

  • CVE-2011-4124CriOct 27, 2021
    risk 0.64cvss 9.8epss 0.02

    Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

  • CVE-2025-64486CriNov 8, 2025
    risk 0.60cvss epss 0.00

    calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be…

  • CVE-2011-4126HigOct 27, 2021
    risk 0.53cvss 8.1epss 0.01

    Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

  • CVE-2023-46303HigOct 22, 2023
    risk 0.49cvss 7.5epss 0.01

    link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.

  • CVE-2021-44686HigDec 7, 2021
    risk 0.49cvss 7.5epss 0.05

    calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

  • CVE-2016-10187MedMar 16, 2017
    risk 0.29cvss 5.5epss 0.03

    The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

  • CVE-2024-6781HigAug 6, 2024
    risk 0.05cvss 7.5epss 0.63

    Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.

  • CVE-2024-7008MedAug 6, 2024
    risk 0.02cvss 5.4epss 0.24

    Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

  • CVE-2024-7009MedAug 6, 2024
    risk 0.01cvss 4.2epss 0.14

    Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.