Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vq4p-dvg4-eudz

Summary calibre: Calibre: Arbitrary file corruption via path traversal in EPUB conversion

Aliases

alias	CVE-2026-25636

Fixed_packages

url	pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1
purl	pkg:deb/debian/calibre@8.16.2%2Bds%2B~0.10.5-3~bpo13%2B1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.16.2%252Bds%252B~0.10.5-3~bpo13%252B1

url	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
purl	pkg:deb/debian/calibre@9.2.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.2.0%252Bds%252B~0.10.5-1%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl	pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie

url	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl	pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie

purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie

url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-4gvv-bsf9-vqca

vulnerability	VCID-b3vv-xdp2-7ub8

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-favj-1bjh-9uff

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2

url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie

purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5%3Fdistro=trixie

url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5

url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1

purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2w1b-b6qm-4qhf

vulnerability	VCID-bjj5-ynf7-v7aa

vulnerability	VCID-dywq-dzuv-wka2

vulnerability	VCID-hgmk-8s7s-tfdb

vulnerability	VCID-jwpx-aqjh-dqej

vulnerability	VCID-mqmp-g7uy-gbg4

vulnerability	VCID-nj3z-4ya4-bqf7

vulnerability	VCID-vq4p-dvg4-eudz

vulnerability	VCID-x63d-4kux-cqcu

vulnerability	VCID-zhz3-1799-a7hk

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25636.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-25636

reference_id

reference_type

scores

value	0.00022
scoring_system	epss
scoring_elements	0.05964
published_at	2026-04-07T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05948
published_at	2026-04-02T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.05981
published_at	2026-04-04T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06003
published_at	2026-04-08T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06041
published_at	2026-04-09T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06031
published_at	2026-04-11T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06022
published_at	2026-04-12T12:55:00Z

value	0.00022
scoring_system	epss
scoring_elements	0.06014
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07061
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07085
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-25636

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25636

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2437730
reference_id	2437730
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2437730

reference_url

https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_id

9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/

url

https://github.com/kovidgoyal/calibre/commit/9484ea82c6ab226c18e6ca5aa000fa16de598726

reference_url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29

reference_id

GHSA-8r26-m7j5-hm29

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:19:25Z/

url

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-8r26-m7j5-hm29

Weaknesses

cwe_id	22
name	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
description	The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

cwe_id	73
name	External Control of File Name or Path
description	The product allows user input to control or influence paths or file names that are used in filesystem operations.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 8.2 - 8.2

Exploitability 0.5

Weighted_severity 7.4

Risk_score 3.7

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq4p-dvg4-eudz

Vulnerability Instance