CVE-2023-46303
https://notcve.org/view.php?id=CVE-2023-46303
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
References: https://github.com/0x1717/ssrf-via-img https://github.com/kovidgoyal/calibre/compare/v6.18.1...v6.19.0
Weakness: CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-44686
https://notcve.org/view.php?id=CVE-2021-44686
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
References: https://bugs.launchpad.net/calibre/+bug/1951979 https://github.com/dwisiswant0/advisory/issues/18 https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL
Weakness: CWE-400: Uncontrolled Resource Consumption
CVE-2016-10187
https://notcve.org/view.php?id=CVE-2016-10187
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
References: http://www.openwall.com/lists/oss-security/2017/01/29/8 http://www.openwall.com/lists/oss-security/2017/01/31/9 http://www.securityfocus.com/bid/95909 https://bugs.launchpad.net/calibre/+bug/1651728 https://github.com/kovidgoyal/calibre/commit/3a89718664cb8c
Weakness: CWE-264: Permissions, Privileges, and Access Controls