Search for packages
| purl | pkg:deb/debian/calibre@1.22.0%2Bdfsg1-1~bpo70%2B2 |
| Next non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Latest non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ze9-599r-aaam
Aliases: CVE-2023-46303 |
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4atp-nc7m-aaan
Aliases: CVE-2024-7009 |
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. |
Affected by 2 other vulnerabilities. |
|
VCID-camm-fnua-aaan
Aliases: CVE-2016-10187 |
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. |
Affected by 5 other vulnerabilities. |
|
VCID-extm-bjc7-aaap
Aliases: CVE-2010-1028 |
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. |
Affected by 6 other vulnerabilities. |
|
VCID-fv8h-uybh-aaas
Aliases: CVE-2024-7008 |
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. |
Affected by 2 other vulnerabilities. |
|
VCID-jfsz-6s82-aaas
Aliases: CVE-2018-7889 |
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-w8cc-y1jy-aaac
Aliases: CVE-2021-44686 |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-56d5-5e4d-aaah | Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere. |
CVE-2011-4126
|
| VCID-gbtx-c8tt-aaak | A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root. |
CVE-2011-4125
|
| VCID-wv7k-6txy-aaan | Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges. |
CVE-2011-4124
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:49:52.803711+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T17:20:47.743305+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:11:04.738999+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:19:02.855917+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:47:06.447774+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:33:46.030469+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T12:47:25.815475+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T00:31:54.164797+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.3 |
| 2025-06-20T23:59:06.930653+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | None | 36.1.3 |
| 2025-06-20T23:38:43.296725+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.1.3 |
| 2025-06-20T23:32:30.935445+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | None | 36.1.3 |
| 2025-06-20T23:26:28.376877+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | None | 36.1.3 |
| 2025-06-20T22:21:15.011335+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.3 |
| 2025-06-08T11:19:43.513906+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:01:50.022746+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:52:50.853412+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T09:05:18.344642+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:41:16.717444+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:27:49.854879+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T05:42:32.107601+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T17:54:32.916779+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.0 |
| 2025-06-07T17:21:59.870808+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | None | 36.1.0 |
| 2025-06-07T17:01:39.460398+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.1.0 |
| 2025-06-07T16:55:26.312379+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | None | 36.1.0 |
| 2025-06-07T16:49:23.053892+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | None | 36.1.0 |
| 2025-06-07T15:45:28.212999+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.0 |
| 2025-04-13T02:00:59.267616+00:00 | Debian Oval Importer | Affected by | VCID-4atp-nc7m-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:54.844042+00:00 | Debian Oval Importer | Affected by | VCID-fv8h-uybh-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:08.016573+00:00 | Debian Oval Importer | Affected by | VCID-w8cc-y1jy-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:54:20.613191+00:00 | Debian Oval Importer | Affected by | VCID-1ze9-599r-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T22:10:29.286336+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:17:02.000689+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:16:00.720521+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:55:01.273067+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:44:18.586143+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:03:41.204970+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T08:34:06.900058+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T08:25:03.154063+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:37:02.213110+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:13:44.005738+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:00:08.233596+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T04:14:14.714030+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T16:31:19.677187+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.0.0 |
| 2025-04-07T15:56:04.368143+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | None | 36.0.0 |
| 2025-04-07T15:34:53.995096+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.0.0 |
| 2025-04-07T15:28:26.741999+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | None | 36.0.0 |
| 2025-04-07T15:22:06.317564+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | None | 36.0.0 |
| 2025-04-07T14:16:10.479389+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.0.0 |
| 2024-11-28T14:16:45.490458+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-28T14:15:00.734133+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-28T14:12:50.068475+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-11-27T15:22:06.673762+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-14T00:56:32.582622+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-14T00:55:10.029533+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-14T00:54:28.438878+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-10-13T09:10:06.997754+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-21T04:31:40.454555+00:00 | Debian Oval Importer | Fixing | VCID-56d5-5e4d-aaah | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-21T04:30:58.790043+00:00 | Debian Oval Importer | Fixing | VCID-gbtx-c8tt-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-21T04:30:53.761350+00:00 | Debian Oval Importer | Fixing | VCID-wv7k-6txy-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |
| 2024-09-20T21:59:15.444040+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |