Vulnerability Details CVE-2018-7889
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.033
EPSS Ranking 86.7%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 6.8
References
Products affected by CVE-2018-7889
-
cpe:2.3:a:calibre-ebook:calibre:3.18.0