CNNVD-202602-954 Information
CNNVD ID
CNNVD-202602-954
Related CVE
-
CNNVD Published
2026-02-06
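Description (translated from Chinese)
Calibre is a free, open-source, all-in-one e-book reading, management and format conversion tool by Kovid Goyal, an individual developer from India. Versions of Calibre prior to 9.2.0 contain a path traversal vulnerability. The vulnerability stems from a path traversal in the CHM reader, which can lead to arbitrary file write and, in turn, remote code execution.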
Description (English)
Calibre is a free, open-source e-book reading, management and format conversion tool developed by Kovid Goyal, an individual developer in India. Calibre versions before 9.2.0 have a path traversal vulnerability in the CHM reader that could lead to arbitrary file write and thus to remote code execution.
Hazard Level
High
Vulnerability Type
Path traversal
Affected Vendor
Individual developer
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/kovidgoyal/calibre/commit/9739232fcb029ac15dfe52ccd4fdb4a07ebb6ce9
https://github.com/kovidgoyal/calibre/security/advisories/GHSA-32vh-whvh-9fxr
https://access.redhat.com/security/cve/cve-2026-25635
Patch
https://github.com/kovidgoyal/calibre/releases