CVE-2024-6781 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-6781 PUBLISHED CVSS 7.5 HIGH

Path traversal in Calibre <= 7.14.0 allow unauthenticated attackers to achieve arbitrary file read.

EPSS 93.70% · 99.8th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

93.70%

99.8th percentile

Affected Products

Vendor	Product	Versions
calibre-ebook	calibre	0
Calibre	Calibre	7.14.0
calibre	calibre	7.14.0

Timeline

Aug 6, 2024 EPSS Score
Aug 6, 2024 CVE Published
Aug 6, 2024 CVE Updated
Aug 27, 2024 EPSS Score
Oct 5, 2024 Coalition ESS Score
Oct 7, 2024 EPSS Score
Oct 27, 2024 EPSS Score
Nov 17, 2024 EPSS Score
Dec 8, 2024 EPSS Score
Jan 18, 2025 EPSS Score
Feb 8, 2025 EPSS Score
Feb 28, 2025 EPSS Score

References

https://starlabs.sg/advisories/24/24-6781/ third-party-advisory
https://github.com/kovidgoyal/calibre/commit/bcd0ab12c41a887f8290a9b56e46c3a29038d9c4 patch
https://nvd.nist.gov/vuln/detail/CVE-2024-6781 advisory
https://starlabs.sg/advisories/24/24-6781 url

Open in Interactive Console →