Search for packages
Package details: pkg:deb/debian/calibre@0.8.51%2Bdfsg1-0.1
purl pkg:deb/debian/calibre@0.8.51%2Bdfsg1-0.1
Next non-vulnerable version 5.44.0+dfsg-1~bpo11+2
Latest non-vulnerable version 5.44.0+dfsg-1~bpo11+2
Risk 10.0
Vulnerabilities affecting this package (10)
Vulnerability Summary Fixed by
VCID-1ze9-599r-aaam
Aliases:
CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
5.44.0+dfsg-1~bpo11+2
Affected by 0 other vulnerabilities.
VCID-4atp-nc7m-aaan
Aliases:
CVE-2024-7009
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
VCID-56d5-5e4d-aaah
Aliases:
CVE-2011-4126
Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.
1.22.0+dfsg1-1~bpo70+2
Affected by 7 other vulnerabilities.
VCID-camm-fnua-aaan
Aliases:
CVE-2016-10187
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
2.75.1+dfsg-1
Affected by 5 other vulnerabilities.
VCID-extm-bjc7-aaap
Aliases:
CVE-2010-1028
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0.
2.75.1+dfsg-1~bpo8+1
Affected by 6 other vulnerabilities.
VCID-fv8h-uybh-aaas
Aliases:
CVE-2024-7008
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
VCID-gbtx-c8tt-aaak
Aliases:
CVE-2011-4125
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
1.22.0+dfsg1-1~bpo70+2
Affected by 7 other vulnerabilities.
VCID-jfsz-6s82-aaas
Aliases:
CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
3.39.1+dfsg-3~bpo9+1
Affected by 0 other vulnerabilities.
3.39.1+dfsg-3
Affected by 4 other vulnerabilities.
VCID-w8cc-y1jy-aaac
Aliases:
CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
5.12.0+dfsg-1+deb11u2
Affected by 2 other vulnerabilities.
5.44.0+dfsg-1~bpo11+1
Affected by 0 other vulnerabilities.
5.44.0+dfsg-1~bpo11+2
Affected by 0 other vulnerabilities.
VCID-wv7k-6txy-aaan
Aliases:
CVE-2011-4124
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injection and elevation of privileges.
1.22.0+dfsg1-1~bpo70+2
Affected by 7 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:49:52.801438+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T17:20:47.741350+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:11:04.736597+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:19:02.853971+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:47:06.446127+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:33:46.027959+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:47:25.813587+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:31:54.162419+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan None 36.1.3
2025-06-20T23:59:06.929070+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan None 36.1.3
2025-06-20T23:38:43.294247+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap None 36.1.3
2025-06-20T23:32:30.932929+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak None 36.1.3
2025-06-20T23:26:28.374962+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah None 36.1.3
2025-06-20T22:21:15.009230+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas None 36.1.3
2025-06-08T11:19:43.512332+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:01:50.021178+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:52:50.851840+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:05:18.343118+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:41:16.715918+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:27:49.853351+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:42:32.105790+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T17:54:32.914369+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan None 36.1.0
2025-06-07T17:21:59.869273+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan None 36.1.0
2025-06-07T17:01:39.458853+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap None 36.1.0
2025-06-07T16:55:26.310800+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak None 36.1.0
2025-06-07T16:49:23.052336+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah None 36.1.0
2025-06-07T15:45:28.211409+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas None 36.1.0
2025-04-13T02:00:59.262140+00:00 Debian Oval Importer Affected by VCID-4atp-nc7m-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:58:54.838764+00:00 Debian Oval Importer Affected by VCID-fv8h-uybh-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:58:08.011083+00:00 Debian Oval Importer Affected by VCID-w8cc-y1jy-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T01:54:20.607692+00:00 Debian Oval Importer Affected by VCID-1ze9-599r-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:10:29.281502+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:17:01.995579+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:16:00.715613+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:55:01.268189+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:44:18.581055+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:03:41.200193+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T08:34:06.894318+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T08:25:03.149073+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:37:02.208264+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:13:44.000667+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:00:08.228518+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:14:14.709324+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:31:19.671845+00:00 Debian Oval Importer Affected by VCID-camm-fnua-aaan None 36.0.0
2025-04-07T15:56:04.363218+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan None 36.0.0
2025-04-07T15:34:53.990095+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap None 36.0.0
2025-04-07T15:28:26.736945+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak None 36.0.0
2025-04-07T15:22:06.312633+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah None 36.0.0
2025-04-07T14:16:10.473844+00:00 Debian Oval Importer Affected by VCID-jfsz-6s82-aaas None 36.0.0
2024-11-28T14:16:45.485603+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T14:15:00.729385+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-28T14:12:50.062867+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-11-27T15:22:06.668936+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-14T00:56:32.578044+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-14T00:55:10.025031+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-14T00:54:28.434001+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-13T09:10:06.992893+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-21T04:31:40.449040+00:00 Debian Oval Importer Affected by VCID-56d5-5e4d-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T04:30:58.785037+00:00 Debian Oval Importer Affected by VCID-gbtx-c8tt-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-21T04:30:53.756011+00:00 Debian Oval Importer Affected by VCID-wv7k-6txy-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-09-20T21:59:15.437750+00:00 Debian Oval Importer Affected by VCID-extm-bjc7-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1