calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0.
oryginał ENCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HCalibre Ebook Calibre
APPCalibre-Ebook< 9.2.0
Powiązane podatności
Path Traversal w Calibre umożliwiający zapis plików i RCE (Windows)
Path Traversal w Calibre — zapis dowolnych plików przez czytnik PDB
Input validation issues were found in Calibre at devices/linux_mount_helper.c which can lead to argument injec...
A untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of u...
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to ...