CNNVD-202511-864 Information
CNNVD ID
CNNVD-202511-864
Related CVE
- CNNVD Published: 2025-11-08
Description (Chinese)
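Calibre is an open-source, free, all-in-one e-book reading, management and format conversion tool by Kovid Goyal, an individual developer in India. Calibre 8.13.0 and earlier versions contain a security vulnerability that stems from file names not being validated when processing binary resources in FB2 files, which may lead to arbitrary file write and code execution.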
Description (English)
Calibre is an open-source, free e-book reading, management and format conversion tool developed by Kovid Goyal, an individual developer in India. Calibre 8.13.0 and earlier versions contain a security vulnerability caused by missing validation of file names when processing binary resources in FB2 files, which may lead to arbitrary file writes and code execution.
Hazard Level
Low
Vulnerability Type
Other
Affected Vendor
Individual developer
Published
2025-11-08
Last Modified
2026-02-24
References
https://github.com/kovidgoyal/calibre/commit/6f94bce214bf7d43c829804db3741afa5e83c0c5
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-hpwq-c98h-xp8g
Patch
https://github.com/kovidgoyal/calibre/releases