Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

Type deb

Namespace debian

Name calibre

Version 1.22.0+dfsg1-1~bpo70+2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.16.2+ds+~0.10.5-3~bpo13+1

Latest_non_vulnerable_version 8.16.2+ds+~0.10.5-3~bpo13+1

Affected_by_vulnerabilities

url VCID-4gvv-bsf9-vqca

vulnerability_id VCID-4gvv-bsf9-vqca

summary Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46303

reference_id

reference_type

scores

value	0.00567
scoring_system	epss
scoring_elements	0.68514
published_at	2026-04-21T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68536
published_at	2026-04-18T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68438
published_at	2026-04-02T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68458
published_at	2026-04-04T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68434
published_at	2026-04-07T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68485
published_at	2026-04-08T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68501
published_at	2026-04-09T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68527
published_at	2026-04-11T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68515
published_at	2026-04-12T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68482
published_at	2026-04-13T12:55:00Z

value	0.00567
scoring_system	epss
scoring_elements	0.68523
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46303

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46303
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46303

reference_url	https://security.gentoo.org/glsa/202409-04
reference_id	GLSA-202409-04
reference_type
scores
url	https://security.gentoo.org/glsa/202409-04

reference_url

https://github.com/0x1717/ssrf-via-img

reference_id

ssrf-via-img

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T13:24:03Z/

url

https://github.com/0x1717/ssrf-via-img

reference_url

https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0

reference_id

v6.18.1...v6.19.0

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-16T13:24:03Z/

url

https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0

fixed_packages

url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5

aliases CVE-2023-46303

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gvv-bsf9-vqca

url VCID-4kgm-mmjn-g3a7

vulnerability_id VCID-4kgm-mmjn-g3a7

summary The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-10187

reference_id

reference_type

scores

value	0.0039
scoring_system	epss
scoring_elements	0.60114
published_at	2026-04-18T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.6007
published_at	2026-04-13T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60108
published_at	2026-04-16T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.59944
published_at	2026-04-01T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60022
published_at	2026-04-02T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60046
published_at	2026-04-04T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60016
published_at	2026-04-07T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60066
published_at	2026-04-08T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.6008
published_at	2026-04-09T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60101
published_at	2026-04-21T12:55:00Z

value	0.0039
scoring_system	epss
scoring_elements	0.60087
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-10187

reference_url	https://bugs.launchpad.net/calibre/+bug/1651728
reference_id
reference_type
scores
url	https://bugs.launchpad.net/calibre/+bug/1651728

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10187
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10187

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c
reference_id
reference_type
scores
url	https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c

reference_url	http://www.openwall.com/lists/oss-security/2017/01/29/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/01/29/8

reference_url	http://www.openwall.com/lists/oss-security/2017/01/31/9
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2017/01/31/9

reference_url	http://www.securityfocus.com/bid/95909
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95909

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004
reference_id	853004
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853004

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:calibre-ebook:calibre::::::::
reference_id	cpe:2.3:a:calibre-ebook:calibre::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:calibre-ebook:calibre::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-10187

reference_id

CVE-2016-10187

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-10187

fixed_packages

url pkg:deb/debian/calibre@2.75.1%2Bdfsg-1

purl pkg:deb/debian/calibre@2.75.1%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1

aliases CVE-2016-10187

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kgm-mmjn-g3a7

url VCID-favj-1bjh-9uff

vulnerability_id VCID-favj-1bjh-9uff

summary calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-44686

reference_id

reference_type

scores

value	0.00412
scoring_system	epss
scoring_elements	0.61347
published_at	2026-04-01T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61424
published_at	2026-04-02T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61452
published_at	2026-04-04T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61423
published_at	2026-04-07T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.6147
published_at	2026-04-08T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61485
published_at	2026-04-09T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61506
published_at	2026-04-11T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61493
published_at	2026-04-12T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61473
published_at	2026-04-13T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61512
published_at	2026-04-16T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.61517
published_at	2026-04-18T12:55:00Z

value	0.00412
scoring_system	epss
scoring_elements	0.615
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-44686

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44686
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44686

fixed_packages

url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5

aliases CVE-2021-44686

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-favj-1bjh-9uff

url VCID-pa4n-csyj-wqet

vulnerability_id VCID-pa4n-csyj-wqet

summary Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7009

reference_id

reference_type

scores

value	0.08423
scoring_system	epss
scoring_elements	0.92349
published_at	2026-04-21T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92339
published_at	2026-04-11T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92341
published_at	2026-04-12T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92338
published_at	2026-04-13T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.9235
published_at	2026-04-16T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.9231
published_at	2026-04-02T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92315
published_at	2026-04-04T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92318
published_at	2026-04-07T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92329
published_at	2026-04-08T12:55:00Z

value	0.08423
scoring_system	epss
scoring_elements	0.92334
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7009

reference_url

https://starlabs.sg/advisories/24/24-7009/

reference_id

24-7009

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-06T13:15:35Z/

url

https://starlabs.sg/advisories/24/24-7009/

reference_url

https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7

reference_id

d56574285e8859d3d715eb7829784ee74337b7d7

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-06T13:15:35Z/

url

https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7

reference_url	https://security.gentoo.org/glsa/202409-04
reference_id	GLSA-202409-04
reference_type
scores
url	https://security.gentoo.org/glsa/202409-04

fixed_packages

url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2

aliases CVE-2024-7009

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pa4n-csyj-wqet

url VCID-xhf1-k7jg-6ued

vulnerability_id VCID-xhf1-k7jg-6ued

summary gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-7889

reference_id

reference_type

scores

value	0.10883
scoring_system	epss
scoring_elements	0.93416
published_at	2026-04-21T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93354
published_at	2026-04-01T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93362
published_at	2026-04-02T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.9337
published_at	2026-04-07T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93377
published_at	2026-04-08T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93381
published_at	2026-04-09T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93386
published_at	2026-04-13T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93385
published_at	2026-04-12T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93405
published_at	2026-04-16T12:55:00Z

value	0.10883
scoring_system	epss
scoring_elements	0.93409
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-7889

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242
reference_id	892242
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242

reference_url	https://security.archlinux.org/ASA-201803-8
reference_id	ASA-201803-8
reference_type
scores
url	https://security.archlinux.org/ASA-201803-8

reference_url

https://security.archlinux.org/AVG-650

reference_id

AVG-650

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-650

fixed_packages

url pkg:deb/debian/calibre@3.39.1%2Bdfsg-3

purl pkg:deb/debian/calibre@3.39.1%2Bdfsg-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-ycp8-ws8x-3qbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@3.39.1%252Bdfsg-3

aliases CVE-2018-7889

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xhf1-k7jg-6ued

url VCID-ycp8-ws8x-3qbn

vulnerability_id VCID-ycp8-ws8x-3qbn

summary Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7008

reference_id

reference_type

scores

value	0.12708
scoring_system	epss
scoring_elements	0.93973
published_at	2026-04-04T12:55:00Z

value	0.12708
scoring_system	epss
scoring_elements	0.93988
published_at	2026-04-09T12:55:00Z

value	0.12708
scoring_system	epss
scoring_elements	0.93984
published_at	2026-04-08T12:55:00Z

value	0.12708
scoring_system	epss
scoring_elements	0.93976
published_at	2026-04-07T12:55:00Z

value	0.12708
scoring_system	epss
scoring_elements	0.93964
published_at	2026-04-02T12:55:00Z

value	0.13396
scoring_system	epss
scoring_elements	0.94212
published_at	2026-04-21T12:55:00Z

value	0.13396
scoring_system	epss
scoring_elements	0.94191
published_at	2026-04-13T12:55:00Z

value	0.13396
scoring_system	epss
scoring_elements	0.94207
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7008

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7008
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7008

reference_url

https://starlabs.sg/advisories/24/24-7008/

reference_id

24-7008

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:34:54Z/

url

https://starlabs.sg/advisories/24/24-7008/

reference_url

https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0

reference_id

863abac24e7bc3e5ca0b3307362ff1953ba53fe0

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-08T15:34:54Z/

url

https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0

reference_url	https://security.gentoo.org/glsa/202409-04
reference_id	GLSA-202409-04
reference_type
scores
url	https://security.gentoo.org/glsa/202409-04

fixed_packages

url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2

aliases CVE-2024-7008

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ycp8-ws8x-3qbn

url VCID-z6j2-32tf-g7ax

vulnerability_id VCID-z6j2-32tf-g7ax

summary

Multiple vulnerabilities have been found in Mozilla Firefox,
    Thunderbird, SeaMonkey, NSS, GNU IceCat, and XULRunner, some of which may
    allow execution of arbitrary code or local privilege escalation.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1028.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-1028

reference_id

reference_type

scores

value	0.09896
scoring_system	epss
scoring_elements	0.93024
published_at	2026-04-21T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.92976
published_at	2026-04-01T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.92984
published_at	2026-04-02T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.92988
published_at	2026-04-04T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.92987
published_at	2026-04-07T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.92996
published_at	2026-04-08T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93
published_at	2026-04-09T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93005
published_at	2026-04-11T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93003
published_at	2026-04-12T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93004
published_at	2026-04-13T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93014
published_at	2026-04-16T12:55:00Z

value	0.09896
scoring_system	epss
scoring_elements	0.93017
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-1028

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=566596
reference_id	566596
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=566596

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085
reference_id	787085
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787085

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028
reference_id	CVE-2010-1028
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1028

reference_url	https://security.gentoo.org/glsa/201301-01
reference_id	GLSA-201301-01
reference_type
scores
url	https://security.gentoo.org/glsa/201301-01

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-08

reference_id

mfsa2010-08

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-08

fixed_packages

url pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1

purl pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@2.75.1%252Bdfsg-1~bpo8%252B1

aliases CVE-2010-1028

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6j2-32tf-g7ax

Fixing_vulnerabilities

url VCID-1uhd-3upf-nqbu

vulnerability_id VCID-1uhd-3upf-nqbu

summary Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4126

reference_id

reference_type

scores

value	0.00486
scoring_system	epss
scoring_elements	0.65296
published_at	2026-04-01T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65345
published_at	2026-04-02T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65371
published_at	2026-04-04T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65336
published_at	2026-04-07T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65388
published_at	2026-04-08T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65399
published_at	2026-04-09T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65418
published_at	2026-04-11T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65405
published_at	2026-04-12T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65378
published_at	2026-04-13T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65414
published_at	2026-04-16T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65425
published_at	2026-04-18T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.6541
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4126

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4126
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4126

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915
reference_id	584915
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915

fixed_packages

url pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

purl pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2

aliases CVE-2011-4126

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uhd-3upf-nqbu

url VCID-qsbr-up7k-kbcr

vulnerability_id VCID-qsbr-up7k-kbcr

summary Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4124

reference_id

reference_type

scores

value	0.00627
scoring_system	epss
scoring_elements	0.70153
published_at	2026-04-01T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70165
published_at	2026-04-02T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70182
published_at	2026-04-04T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.7016
published_at	2026-04-07T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70207
published_at	2026-04-08T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70221
published_at	2026-04-09T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70245
published_at	2026-04-11T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.7023
published_at	2026-04-12T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70217
published_at	2026-04-13T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70259
published_at	2026-04-16T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70268
published_at	2026-04-18T12:55:00Z

value	0.00627
scoring_system	epss
scoring_elements	0.70247
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4124

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4124
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4124

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915
reference_id	584915
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915

fixed_packages

url pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

purl pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2

aliases CVE-2011-4124

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qsbr-up7k-kbcr

url VCID-stnm-9pm7-gqbv

vulnerability_id VCID-stnm-9pm7-gqbv

summary A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2011-4125

reference_id

reference_type

scores

value	0.00736
scoring_system	epss
scoring_elements	0.72756
published_at	2026-04-01T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72764
published_at	2026-04-02T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72784
published_at	2026-04-04T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.7276
published_at	2026-04-07T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72798
published_at	2026-04-08T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72812
published_at	2026-04-09T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72836
published_at	2026-04-11T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72819
published_at	2026-04-12T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72811
published_at	2026-04-13T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72852
published_at	2026-04-16T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72863
published_at	2026-04-18T12:55:00Z

value	0.00736
scoring_system	epss
scoring_elements	0.72855
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2011-4125

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4125
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4125

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915
reference_id	584915
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584915

fixed_packages

url pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

purl pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-4kgm-mmjn-g3a7

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-pa4n-csyj-wqet

vulnerability	VCID-xhf1-k7jg-6ued

vulnerability	VCID-ycp8-ws8x-3qbn

vulnerability	VCID-z6j2-32tf-g7ax

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2

aliases CVE-2011-4125

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stnm-9pm7-gqbv

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@1.22.0%252Bdfsg1-1~bpo70%252B2

Package Instance