CVE-2021-44686

NameCVE-2021-44686
Descriptioncalibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
calibre (PTS)bullseye5.12.0+dfsg-1+deb11u1vulnerable
bookworm6.13.0+repack-2+deb12u3fixed
trixie7.14.0+ds-1fixed
sid7.15.0+ds-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
calibresource(unstable)5.33.0+dfsg-1

Notes

[bullseye] - calibre <no-dsa> (Minor issue)
[buster] - calibre <no-dsa> (Minor issue)
[stretch] - calibre <no-dsa> (Minor issue)
https://bugs.launchpad.net/calibre/+bug/1951979
https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)

Search for package or bug name: Reporting problems