calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
References
Link | Resource |
---|---|
https://bugs.launchpad.net/calibre/+bug/1951979 | Exploit Issue Tracking Vendor Advisory |
https://github.com/dwisiswant0/advisory/issues/18 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/kovidgoyal/calibre/compare/v5.31.1...v5.32.0 | Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W7QKFPYJ23KG6WJ5NIYAM4N2NWZCLQGL/ |
Configurations
History
07 Nov 2023, 03:39
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2021-12-07 00:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-44686
Mitre link : CVE-2021-44686
CVE.ORG link : CVE-2021-44686
JSON object : View
Products Affected
calibre-ebook
- calibre
fedoraproject
- fedora
CWE
CWE-400
Uncontrolled Resource Consumption