CVE-2021-44686

NameCVE-2021-44686
Descriptioncalibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in html_preprocess_rules in ebooks/conversion/preprocess.py.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
calibre (PTS)stretch2.75.1+dfsg-1vulnerable
buster3.39.1+dfsg-3vulnerable
bullseye5.12.0+dfsg-1+deb11u1vulnerable
bookworm, sid5.34.0+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
calibresource(unstable)5.33.0+dfsg-1

Notes

[bullseye] - calibre <no-dsa> (Minor issue)
[buster] - calibre <no-dsa> (Minor issue)
[stretch] - calibre <no-dsa> (Minor issue)
https://bugs.launchpad.net/calibre/+bug/1951979
https://github.com/kovidgoyal/calibre/commit/235b7e38c197ba4a3c17531e516610af8795e348 (v5.33.0)

Search for package or bug name: Reporting problems