Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b3vv-xdp2-7ub8
Summary calibre is an e-book manager. In versions 8.13.0 and prior, calibre does not validate filenames when handling binary assets in FB2 files, allowing an attacker to write arbitrary files on the filesystem when viewing or converting a malicious FictionBook file. This can be leveraged to achieve arbitrary code execution. This issue is fixed in version 8.14.0.
Aliases
0
alias CVE-2025-64486
Fixed_packages
0
url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie
purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5%3Fdistro=trixie
1
url pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5
purl pkg:deb/debian/calibre@6.13.0%2Brepack-2%2Bdeb12u5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@6.13.0%252Brepack-2%252Bdeb12u5
2
url pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie
purl pkg:deb/debian/calibre@8.5.0%2Bds-1%2Bdeb13u1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-bjj5-ynf7-v7aa
2
vulnerability VCID-dywq-dzuv-wka2
3
vulnerability VCID-hgmk-8s7s-tfdb
4
vulnerability VCID-jwpx-aqjh-dqej
5
vulnerability VCID-mqmp-g7uy-gbg4
6
vulnerability VCID-nj3z-4ya4-bqf7
7
vulnerability VCID-vq4p-dvg4-eudz
8
vulnerability VCID-x63d-4kux-cqcu
9
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.5.0%252Bds-1%252Bdeb13u1%3Fdistro=trixie
3
url pkg:deb/debian/calibre@8.14.0%2Bds%2B~0.10.5-1?distro=trixie
purl pkg:deb/debian/calibre@8.14.0%2Bds%2B~0.10.5-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@8.14.0%252Bds%252B~0.10.5-1%3Fdistro=trixie
4
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-5?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-5%3Fdistro=trixie
5
url pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
purl pkg:deb/debian/calibre@9.6.0%2Bds%2B~0.10.5-6?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.6.0%252Bds%252B~0.10.5-6%3Fdistro=trixie
6
url pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
purl pkg:deb/debian/calibre@9.7.0%2Bds%2B~0.10.5-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@9.7.0%252Bds%252B~0.10.5-2%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie
purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-b3vv-xdp2-7ub8
2
vulnerability VCID-bjj5-ynf7-v7aa
3
vulnerability VCID-dywq-dzuv-wka2
4
vulnerability VCID-hgmk-8s7s-tfdb
5
vulnerability VCID-jwpx-aqjh-dqej
6
vulnerability VCID-mqmp-g7uy-gbg4
7
vulnerability VCID-nj3z-4ya4-bqf7
8
vulnerability VCID-vq4p-dvg4-eudz
9
vulnerability VCID-x63d-4kux-cqcu
10
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2%3Fdistro=trixie
1
url pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2
purl pkg:deb/debian/calibre@5.12.0%2Bdfsg-1%2Bdeb11u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2w1b-b6qm-4qhf
1
vulnerability VCID-4gvv-bsf9-vqca
2
vulnerability VCID-b3vv-xdp2-7ub8
3
vulnerability VCID-bjj5-ynf7-v7aa
4
vulnerability VCID-dywq-dzuv-wka2
5
vulnerability VCID-favj-1bjh-9uff
6
vulnerability VCID-hgmk-8s7s-tfdb
7
vulnerability VCID-jwpx-aqjh-dqej
8
vulnerability VCID-mqmp-g7uy-gbg4
9
vulnerability VCID-nj3z-4ya4-bqf7
10
vulnerability VCID-vq4p-dvg4-eudz
11
vulnerability VCID-x63d-4kux-cqcu
12
vulnerability VCID-zhz3-1799-a7hk
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/calibre@5.12.0%252Bdfsg-1%252Bdeb11u2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-64486
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09639
published_at 2026-04-08T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.09542
published_at 2026-04-16T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.09652
published_at 2026-04-13T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.09668
published_at 2026-04-12T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.097
published_at 2026-04-11T12:55:00Z
5
value 0.00033
scoring_system epss
scoring_elements 0.09687
published_at 2026-04-09T12:55:00Z
6
value 0.00033
scoring_system epss
scoring_elements 0.09566
published_at 2026-04-07T12:55:00Z
7
value 0.00039
scoring_system epss
scoring_elements 0.11816
published_at 2026-04-18T12:55:00Z
8
value 0.00053
scoring_system epss
scoring_elements 0.16906
published_at 2026-04-04T12:55:00Z
9
value 0.00053
scoring_system epss
scoring_elements 0.16849
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-64486
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64486
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64486
2
reference_url https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5
reference_id 6f94bce214bf7d43c829804db3741afa5e83c0c5
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T21:34:15Z/
url https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5
3
reference_url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
reference_id GHSA-hpwq-c98h-xp8g
reference_type
scores
0
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-11-13T21:34:15Z/
url https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
Weaknesses
0
cwe_id 73
name External Control of File Name or Path
description The product allows user input to control or influence paths or file names that are used in filesystem operations.
Exploits
Severity_range_score 9.3 - 9.3
Exploitability 0.5
Weighted_severity 8.4
Risk_score 4.2
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b3vv-xdp2-7ub8