Description
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/calibre/+bug/1753870
Patch x_refsource_confirm
https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
Scores
CVSS v3
7.8
EPSS
0.1088
EPSS Percentile
93.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-502
Status
published
Products (1)
calibre-ebook/calibre
3.18.0
Published
Mar 08, 2018
Tracked Since
Feb 18, 2026