VDB
GCVE-110-MAGEIA-2018-399
GCVE-110-MAGEIA-2018-399
Advisory Published
Updated calibre package fixes security vulnerability:
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on
imported bookmark data, which allows remote attackers to execute arbitrary
code via a crafted .pickle file, as demonstrated by Python code that
contains an os.system call (CVE-2018-7889).
The python-html5-parser package is a new dependency for the updated calibre
package and has been included with this update.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-lxml | 0 (affected), 3.8.0-1.1.mga6 (unaffected) | — |
| Mageia | python-html5-parser | 0 (affected), 0.4.4-1.1.mga6 (unaffected) | — |
| Mageia | calibre | 0 (affected), 3.27.1-2.mga6 (unaffected) | — |
Aliases
Browse GCVE Records
71,925 records in the GCVE database · Updated July 13, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.