| Summary | calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:user_metadata that is passed unsanitized to exec() in the template formatter. This issue is fixed in version 9.10.0. |
|---|---|
| Publication Date | July 8, 2026, 6:17 a.m. |
| Registration Date | July 9, 2026, 4:12 a.m. |
| Last Update | July 11, 2026, 3:59 a.m. |