CVE-2026-26065


Description

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers (both 132-byte and 202-byte header variants) that allow arbitrary file writes with arbitrary extension and arbitrary content anywhere the user has write permissions. Files are written in 'wb' mode, silently overwriting existing files. This can lead to potential code execution and Denial of Service through file corruption. This issue has been fixed in version 9.3.0.
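The defensive check that this class of bug calls for, as an added example (not calibre's own code and not the upstream fix): a file name supplied by an e-book container is untrusted input, so before opening anything for writing the reader must confine the resolved path to its output directory and, unlike a plain 'wb' open, refuse to clobber a file that is already there. All function names here are hypothetical.

```python
import tempfile
from pathlib import Path

# Added example, not calibre's code: confine an untrusted container file name
# to the output directory and never silently overwrite an existing file.

class UnsafePathError(ValueError):
    """Raised when an untrusted name would land outside the output directory."""

def safe_output_path(out_dir, untrusted_name):
    """Return the resolved path for untrusted_name under out_dir, or raise."""
    base = Path(out_dir).resolve()
    name = untrusted_name.replace('\\', '/')  # treat backslashes as separators too
    if Path(name).is_absolute():
        raise UnsafePathError(f'absolute name {untrusted_name!r}')
    candidate = (base / name).resolve()
    # Containment is checked on the *resolved* path, so '..' segments and
    # symlinks are accounted for; the target must be strictly below base.
    if base not in candidate.parents:
        raise UnsafePathError(f'{untrusted_name!r} escapes {out_dir!r}')
    return candidate

def write_extracted_file(out_dir, untrusted_name, data):
    """Write data to the confined path; mode 'xb' fails instead of clobbering."""
    target = safe_output_path(out_dir, untrusted_name)
    target.parent.mkdir(parents=True, exist_ok=True)
    with open(target, 'xb') as f:
        f.write(data)
    return target

def classify_names(out_dir, names):
    """Map each (constructed) name to 'ok' or 'rejected' without writing."""
    verdict = {}
    for n in names:
        try:
            safe_output_path(out_dir, n)
            verdict[n] = 'ok'
        except UnsafePathError:
            verdict[n] = 'rejected'
    return verdict

def demo():
    """Write one file into a throwaway directory, then try to clobber it."""
    with tempfile.TemporaryDirectory() as out_dir:
        write_extracted_file(out_dir, 'text/chapter1.html', b'<p>constructed</p>')
        try:
            write_extracted_file(out_dir, 'text/chapter1.html', b'clobber')
            return 'overwritten'
        except FileExistsError:
            return 'kept'
```

`classify_names` is handy as a unit test seed for any extractor: feed it the traversal shapes you care about and assert that every one comes back 'rejected'.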

Predictions

Exploit likelihood
20%
Patch ETA
—

Heuristic predictions, AS-IS, for prioritization only.


Source: Debian Security Tracker · DFSG

CVE-2026-26065

Name: CVE-2026-26065
Source: CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-4554-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release             | Version                 | Status
calibre (PTS)  | bullseye            | 5.12.0+dfsg-1+deb11u2   | vulnerable
               | bullseye (security) | 5.12.0+dfsg-1+deb11u4   | fixed
               | bookworm            | 6.13.0+repack-2+deb12u6 | fixed
               | trixie              | 8.5.0+ds-1+deb13u2      | fixed
               | forky               | 9.8.0+ds+~0.10.6-2      | fixed
               | sid                 | 9.9.0+ds+~0.10.6-1      | fixed

The information below is based on the following data on fixed versions.

Package | Type   | Release    | Fixed Version           | Urgency | Origin     | Debian Bugs
calibre | source | bullseye   | 5.12.0+dfsg-1+deb11u4   |         | DLA-4554-1 |
calibre | source | bookworm   | 6.13.0+repack-2+deb12u6 |         |            |
calibre | source | trixie     | 8.5.0+ds-1+deb13u2      |         |            |
calibre | source | (unstable) | 9.3.0+ds+~0.10.5-1      |         |            |

Notes

https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vmfh-7mr7-pp2w
Fixed by: https://github.com/kovidgoyal/calibre/commit/b6da1c3878c06eb1356cb0ec1106cb66e0e9bfb8 (v9.3.0)



OS impact

OS     | Version  | Status | Fixed in
debian | bookworm | fixed  | 6.13.0+repack-2+deb12u6
debian | bullseye | fixed  | 5.12.0+dfsg-1+deb11u4
debian | forky    | fixed  | 9.3.0+ds+~0.10.5-1
debian | sid      | fixed  | 9.3.0+ds+~0.10.5-1
debian | trixie   | fixed  | 8.5.0+ds-1+deb13u2
