Calibre-Ebook: >> Calibre >> 0.9.3 Security Vulnerabilities
link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root.
CVSS Score
7.5
EPSS Score
0.007
Published
2023-10-22
calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-12-07
The E-book viewer in calibre before 2.75 allows remote attackers to read arbitrary files via a crafted epub file with JavaScript.
CVSS Score
5.5
EPSS Score
0.004
Published
2017-03-16
Page 2