Описание
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
A flaw was found in Calibre, an e-book manager. This path traversal vulnerability allows a malicious EPUB (electronic publication) file to corrupt arbitrary files on the system that the Calibre process has write access to. During EPUB conversion, Calibre incorrectly resolves file paths, enabling an attacker to write to locations outside the intended conversion directory. This can lead to significant data integrity issues and potential denial of service.
Отчет
This IMPORTANT vulnerability in Calibre allows a malicious EPUB file to corrupt arbitrary files and potentially execute code due to a path traversal flaw during EPUB conversion. This affects Calibre versions 9.1.0 and earlier, including those shipped in Red Hat Community Projects like Fedora 42 and 43. Exploitation requires processing a specially crafted EPUB file.
Меры по смягчению последствий
To mitigate this issue, users should avoid processing untrusted EPUB files with Calibre. If Calibre is not required, consider removing the package to eliminate the attack surface.
Дополнительная информация
Статус:
EPSS
8.2 High
CVSS3
Связанные уязвимости
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal vulnerability in Calibre's EPUB conversion allows a malicious EPUB file to corrupt arbitrary existing files writable by the Calibre process. During conversion, Calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even when it points outside the conversion extraction directory. This vulnerability is fixed in 9.2.0.
calibre is an e-book manager. In 9.1.0 and earlier, a path traversal v ...
EPSS
8.2 High
CVSS3