CVE-2021-44686Uncontrolled Resource Consumption in Calibre

CWE-400Uncontrolled Resource ConsumptionCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 38.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Calibre-ebook CalibreDebian CalibreFedoraproject Fedora
Timeline
PublishedDec 7
Latest updateDec 8

Description

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/calibre< calibre 5.33.0+dfsg-1 (bookworm)
NVDcalibre-ebook/calibre< 5.32.0
Debiancalibre-ebook/calibre< 5.12.0+dfsg-1+deb11u3+3

Also affects: Fedora 34

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
GHSA
GHSA-m6m7-mf2p-99p5: calibre before 52021-12-08
OSV
CVE-2021-44686: calibre before 52021-12-07

📋Vendor Advisories

1
Debian
CVE-2021-44686: calibre - calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS ...2021
CVE-2021-44686 — Uncontrolled Resource Consumption | cvebase