Vulnerabilities for 'Calibre'

2021-12-07
 
CVE-2021-44686

CWE-770
 

 
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

 
2021-10-27
 
CVE-2011-4124

CWE-20
 

 
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

 
 
CVE-2011-4125

CWE-426
 

 
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

 
 
CVE-2011-4126

CWE-367
 

 
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

 
2018-03-08
 
CVE-2018-7889

 

 
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

 
2017-03-16
 
CVE-2016-10187

 

 
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

 


Copyright 2022, cxsecurity.com

 
