VDB

GCVE-110-MAGEIA-2018-399

GCVE-110-MAGEIA-2018-399
Advisory Published
Vulnetix · Advisory published October 19, 2018
Updated calibre package fixes security vulnerability: gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call (CVE-2018-7889). The python-html5-parser package is a new dependency for the updated calibre package and has been included with this update.

Affected Products

VendorProductVersionsPlatforms
Mageiapython-lxml0 (affected), 3.8.0-1.1.mga6 (unaffected)
Mageiapython-html5-parser0 (affected), 0.4.4-1.1.mga6 (unaffected)
Mageiacalibre0 (affected), 3.27.1-2.mga6 (unaffected)

Browse GCVE Records

71,925 records in the GCVE database · Updated July 13, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›