Search for packages
| purl | pkg:deb/debian/calibre@9.5.0%2Bds%2B~0.10.5-1 |
| Tags | Ghost |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 3.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2w1b-b6qm-4qhf
Aliases: CVE-2026-33205 |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitrary URLs and exfiltrate information out from the ebook sandbox. Version 9.6.0 patches the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-dywq-dzuv-wka2
Aliases: CVE-2026-33206 |
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the file system into the converted book. Additionally, missing authentication and server-side request forgery in the background-image endpoint in the ebook reader web view allow the files to be exfiltrated without additional interaction. Version 9.6.0 contains a fix. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T17:10:29.834423+00:00 | Debian Importer | Affected by | VCID-2w1b-b6qm-4qhf | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-02T17:09:20.933540+00:00 | Debian Importer | Affected by | VCID-dywq-dzuv-wka2 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |