Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/calibre@3.39.1%2Bdfsg-3
purl pkg:deb/debian/calibre@3.39.1%2Bdfsg-3
Next non-vulnerable version 8.16.2+ds+~0.10.5-3~bpo13+1
Latest non-vulnerable version 8.16.2+ds+~0.10.5-3~bpo13+1
Risk 2.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-4gvv-bsf9-vqca
Aliases:
CVE-2023-46303
Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.
6.13.0+repack-2+deb12u5
Affected by 10 other vulnerabilities.
VCID-favj-1bjh-9uff
Aliases:
CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
6.13.0+repack-2+deb12u5
Affected by 10 other vulnerabilities.
VCID-pa4n-csyj-wqet
Aliases:
CVE-2024-7009
Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.
5.12.0+dfsg-1+deb11u2
Affected by 13 other vulnerabilities.
VCID-ycp8-ws8x-3qbn
Aliases:
CVE-2024-7008
Multiple vulnerabilities have been discovered in calibre, the worst of which could lead to remote code execution.
5.12.0+dfsg-1+deb11u2
Affected by 13 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xhf1-k7jg-6ued gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. CVE-2018-7889

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T00:54:31.884124+00:00 Debian Oval Importer Affected by VCID-pa4n-csyj-wqet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:13:06.512985+00:00 Debian Oval Importer Affected by VCID-ycp8-ws8x-3qbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:38:03.679789+00:00 Debian Oval Importer Affected by VCID-favj-1bjh-9uff https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T22:23:57.565023+00:00 Debian Oval Importer Fixing VCID-xhf1-k7jg-6ued https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:53:00.169809+00:00 Debian Oval Importer Affected by VCID-4gvv-bsf9-vqca https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-12T00:26:55.105332+00:00 Debian Oval Importer Affected by VCID-pa4n-csyj-wqet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:48:56.176192+00:00 Debian Oval Importer Affected by VCID-ycp8-ws8x-3qbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:14:51.244896+00:00 Debian Oval Importer Affected by VCID-favj-1bjh-9uff https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:01:10.354204+00:00 Debian Oval Importer Fixing VCID-xhf1-k7jg-6ued https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:37:27.083202+00:00 Debian Oval Importer Affected by VCID-4gvv-bsf9-vqca https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:57:23.419586+00:00 Debian Oval Importer Affected by VCID-pa4n-csyj-wqet https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:23:35.587974+00:00 Debian Oval Importer Affected by VCID-ycp8-ws8x-3qbn https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:51:12.106215+00:00 Debian Oval Importer Affected by VCID-favj-1bjh-9uff https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T21:38:14.492571+00:00 Debian Oval Importer Fixing VCID-xhf1-k7jg-6ued https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:22:35.427638+00:00 Debian Oval Importer Affected by VCID-4gvv-bsf9-vqca https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0