CVE-2018-7889

Published
View on NVD ↗
CVSS v3
N/A
CVSS v2
6.8
MEDIUM
Affected
1
PROJECT

Description

gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

kovidgoyal/calibre
kovidgoyal/calibre
The official source code repository for the calibre ebook manager
GitHubGitHub
25K