Search for packages
Package details: pkg:deb/debian/calibre@3.39.1%2Bdfsg-3
purl pkg:deb/debian/calibre@3.39.1%2Bdfsg-3
Next non-vulnerable version 5.44.0+dfsg-1~bpo11+2
Latest non-vulnerable version 5.44.0+dfsg-1~bpo11+2
Risk 3.4
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1ze9-599r-aaam
Aliases:
CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
5.44.0+dfsg-1~bpo11+2
Affected by 0 other vulnerabilities.
VCID-4atp-nc7m-aaan
Aliases:
CVE-2024-7009
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
VCID-fv8h-uybh-aaas
Aliases:
CVE-2024-7008
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
VCID-w8cc-y1jy-aaac
Aliases:
CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
5.44.0+dfsg-1~bpo11+1
Affected by 0 other vulnerabilities.
5.44.0+dfsg-1~bpo11+2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-jfsz-6s82-aaas gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. CVE-2018-7889

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T13:33:46.039967+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T07:09:06.781972+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 36.1.3
2025-06-20T23:51:55.689884+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-20T22:23:43.240270+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 36.1.3
2025-06-20T22:21:15.020518+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas None 36.1.3
2025-06-20T20:25:08.475655+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 36.1.3
2025-06-20T19:43:17.452610+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-08T06:27:49.862219+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T15:45:28.221398+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas None 36.1.0
2025-06-05T14:16:02.228423+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 36.1.0
2025-06-05T13:51:34.612600+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 36.1.0
2025-04-13T02:00:59.289288+00:00 Debian Oval Importer Affected by VCID-4atp-nc7m-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:58:54.865556+00:00 Debian Oval Importer Affected by VCID-fv8h-uybh-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:58:08.037453+00:00 Debian Oval Importer Affected by VCID-w8cc-y1jy-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:54:20.634249+00:00 Debian Oval Importer Affected by VCID-1ze9-599r-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:55:01.292453+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T05:00:08.253536+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T14:16:10.500396+00:00 Debian Oval Importer Fixing VCID-jfsz-6s82-aaas None 36.0.0
2025-04-05T04:25:23.878329+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 36.0.0
2025-04-04T02:33:24.050376+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T01:02:12.421695+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 36.0.0
2025-04-03T23:15:00.641175+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 36.0.0
2025-04-03T22:50:05.475464+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-02-21T14:23:47.620039+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T14:23:46.272907+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 35.1.0
2025-02-20T07:42:05.865195+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-20T07:41:55.011963+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 35.1.0
2025-02-19T04:25:22.670651+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 35.1.0
2024-11-24T03:29:34.653679+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-24T03:29:33.327689+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 35.0.0
2024-11-23T01:18:28.287691+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-23T01:18:17.138505+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 35.0.0
2024-10-11T00:53:12.753844+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-11T00:53:11.311006+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 34.0.2
2024-10-09T23:48:56.732680+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-09T23:48:45.422528+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 34.0.2
2024-09-20T05:23:22.295625+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-20T05:23:20.939329+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 34.0.1
2024-09-19T07:24:31.338158+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-19T07:24:20.647141+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 34.0.1
2024-04-26T05:50:22.367108+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-26T05:50:21.528793+00:00 Debian Importer Affected by VCID-1ze9-599r-aaam None 34.0.0rc4
2024-04-25T05:52:16.063480+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T05:51:57.795910+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 34.0.0rc4
2024-04-24T13:34:27.487836+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 34.0.0rc4
2024-01-11T07:52:35.805427+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-11T07:51:38.174597+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 34.0.0rc2
2024-01-10T16:10:50.604216+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 34.0.0rc2
2024-01-04T18:20:34.765628+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T18:19:40.585548+00:00 Debian Importer Affected by VCID-w8cc-y1jy-aaac None 34.0.0rc1
2024-01-04T06:08:23.740557+00:00 Debian Importer Fixing VCID-jfsz-6s82-aaas None 34.0.0rc1