CVE-2024-7008

Unsanitized user-input in Calibre <= 7.15.0 allow attackers to perform reflected cross-site scripting.

Severity: MEDIUM (6.1) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

https://github.com/kovidgoyal/calibre/commit/863abac24e7bc3e5ca0b3307362ff1953ba53fe0
https://starlabs.sg/advisories/24/24-7008/

Published: 2024-08-06
Modified: 2024-08-19

CVE-2024-7009

Unsanitized user-input in Calibre <= 7.15.0 allow users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.

Severity: HIGH (7.1) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References:

https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7
https://starlabs.sg/advisories/24/24-7009/

Устарел и FTBFS

Version: 2.1.2

Package calibre update in sisyphus_loongarch64 on 2025-06-09

ALT-PU-2025-7967-1

Closed vulnerabilities

CVE-2024-7008

CVE-2024-7009

Closed bugs

Bug #54742