CVE-2018-7889 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary command execution
Description	gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-650	calibre	3.18.0-1	3.19.0-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
11 Mar 2018	ASA-201803-8	AVG-650	calibre	High	arbitrary command execution

References
https://bugs.launchpad.net/calibre/+bug/1753870 https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d