Primary

Context

Calibre Arbitrary File Write Vulnerability in FB2 File Handling Allowing Code Execution

Vulnerability

Patched

A vulnerability in Calibre's handling of binary assets in FB2 files prior to version 8.14.0 allows for arbitrary file writing on the filesystem. This issue can be exploited when viewing or converting a malicious FictionBook file, potentially leading to arbitrary code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file writing, which can be leveraged to execute arbitrary code on the system.

Remediation

Users can upgrade to Calibre version 8.14.0 or later to address this vulnerability.

Added: Nov 8, 2025, 12:19 AM

Updated: Nov 8, 2025, 12:19 AM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

5.1

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

10.0

exploitability

5.1

remediation

7.7

relevance

1.0

threat

3.2

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Calibre Arbitrary File Write Vulnerability in FB2 File Handling Allowing Code Execution

Vulnerability

Impact

Remediation

Affected Products

calibre

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating