Search for packages
| purl | pkg:deb/debian/calibre@2.75.1%2Bdfsg-1~bpo8%2B1 |
| Next non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Latest non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ze9-599r-aaam
Aliases: CVE-2023-46303 |
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4atp-nc7m-aaan
Aliases: CVE-2024-7009 |
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. |
Affected by 2 other vulnerabilities. |
|
VCID-camm-fnua-aaan
Aliases: CVE-2016-10187 |
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. |
Affected by 5 other vulnerabilities. |
|
VCID-fv8h-uybh-aaas
Aliases: CVE-2024-7008 |
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. |
Affected by 2 other vulnerabilities. |
|
VCID-jfsz-6s82-aaas
Aliases: CVE-2018-7889 |
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-w8cc-y1jy-aaac
Aliases: CVE-2021-44686 |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-extm-bjc7-aaap | Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. |
CVE-2010-1028
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:49:52.808120+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T16:19:02.859600+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:47:06.452242+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:33:46.035169+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T00:31:54.169672+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.3 |
| 2025-06-20T23:38:43.301509+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | None | 36.1.3 |
| 2025-06-20T22:21:15.016186+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.3 |
| 2025-06-08T11:19:43.516947+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:05:18.347639+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:41:16.720472+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:27:49.857995+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T17:54:32.920553+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.0 |
| 2025-06-07T17:01:39.463411+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | None | 36.1.0 |
| 2025-06-07T15:45:28.216043+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.0 |
| 2025-04-13T02:00:59.278495+00:00 | Debian Oval Importer | Affected by | VCID-4atp-nc7m-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:54.854816+00:00 | Debian Oval Importer | Affected by | VCID-fv8h-uybh-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:08.027477+00:00 | Debian Oval Importer | Affected by | VCID-w8cc-y1jy-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:54:20.623984+00:00 | Debian Oval Importer | Affected by | VCID-1ze9-599r-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:17:02.011021+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:55:01.282740+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:03:41.214677+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:37:02.223030+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:13:44.015559+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:00:08.243259+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T16:31:19.687898+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.0.0 |
| 2025-04-07T15:34:54.005017+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | None | 36.0.0 |
| 2025-04-07T14:16:10.490354+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.0.0 |
| 2024-11-27T15:22:06.684743+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T09:10:07.007340+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T21:59:15.456492+00:00 | Debian Oval Importer | Fixing | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |