Search for packages
| purl | pkg:deb/debian/calibre@2.5.0%2Bdfsg-1 |
| Next non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Latest non-vulnerable version | 5.44.0+dfsg-1~bpo11+2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1ze9-599r-aaam
Aliases: CVE-2023-46303 |
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-4atp-nc7m-aaan
Aliases: CVE-2024-7009 |
Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database. |
Affected by 2 other vulnerabilities. |
|
VCID-camm-fnua-aaan
Aliases: CVE-2016-10187 |
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript. |
Affected by 5 other vulnerabilities. |
|
VCID-extm-bjc7-aaap
Aliases: CVE-2010-1028 |
Integer overflow in the decompression functionality in the Web Open Fonts Format (WOFF) decoder in Mozilla Firefox 3.6 before 3.6.2 and 3.7 before 3.7 alpha 3 allows remote attackers to execute arbitrary code via a crafted WOFF file that triggers a buffer overflow, as demonstrated by the vd_ff module in VulnDisco 9.0. |
Affected by 6 other vulnerabilities. |
|
VCID-fv8h-uybh-aaas
Aliases: CVE-2024-7008 |
Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting. |
Affected by 2 other vulnerabilities. |
|
VCID-jfsz-6s82-aaas
Aliases: CVE-2018-7889 |
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-w8cc-y1jy-aaac
Aliases: CVE-2021-44686 |
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py. |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:49:52.805916+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.3 |
| 2025-06-21T16:19:02.857743+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:47:06.449895+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:33:46.032846+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T00:31:54.167149+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.3 |
| 2025-06-20T23:38:43.299090+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.1.3 |
| 2025-06-20T22:21:15.013619+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.3 |
| 2025-06-08T11:19:43.515408+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T09:05:18.346152+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:41:16.718927+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:27:49.856485+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-07T17:54:32.918501+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.1.0 |
| 2025-06-07T17:01:39.461911+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.1.0 |
| 2025-06-07T15:45:28.214547+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.1.0 |
| 2025-04-13T02:00:59.273037+00:00 | Debian Oval Importer | Affected by | VCID-4atp-nc7m-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:54.849403+00:00 | Debian Oval Importer | Affected by | VCID-fv8h-uybh-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:58:08.022048+00:00 | Debian Oval Importer | Affected by | VCID-w8cc-y1jy-aaac | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T01:54:20.618644+00:00 | Debian Oval Importer | Affected by | VCID-1ze9-599r-aaam | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:17:02.005961+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T20:55:01.277912+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T17:03:41.209817+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-08T07:37:02.218026+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:13:44.010616+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:00:08.238487+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T16:31:19.682614+00:00 | Debian Oval Importer | Affected by | VCID-camm-fnua-aaan | None | 36.0.0 |
| 2025-04-07T15:34:54.000005+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | None | 36.0.0 |
| 2025-04-07T14:16:10.484791+00:00 | Debian Oval Importer | Affected by | VCID-jfsz-6s82-aaas | None | 36.0.0 |
| 2024-11-27T15:22:06.678454+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 35.0.0 |
| 2024-10-13T09:10:07.002519+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.2 |
| 2024-09-20T21:59:15.450234+00:00 | Debian Oval Importer | Affected by | VCID-extm-bjc7-aaap | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 34.0.1 |