{"id":"UBUNTU-CVE-2024-7009","details":"Unsanitized user input in Calibre \u003c= 7.15.0 allows users with permissions to perform full-text searches to achieve SQL injection on the SQLite database.","modified":"2026-04-27T18:44:29.869747Z","published":"2024-08-06T04:16:00Z","upstream":["CVE-2024-7009"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-7009"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2024-7009"},{"type":"REPORT","url":"https://starlabs.sg/advisories/24/24-7009/"},{"type":"REPORT","url":"https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7"},{"type":"REPORT","url":"https://github.com/kovidgoyal/calibre/commit/d56574285e8859d3d715eb7829784ee74337b7d7"}],"affected":[{"package":{"name":"calibre","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/calibre@2.55.0+dfsg-1ubuntu0.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.33.0+dfsg-1build1","2.38.0+dfsg-1","2.45.0+dfsg-1","2.45.0+dfsg-1build1","2.48.0+dfsg-1","2.48.0+dfsg-1build1","2.54.0+dfsg-1","2.55.0+dfsg-1","2.55.0+dfsg-1ubuntu0.2"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre","binary_version":"2.55.0+dfsg-1ubuntu0.2"},{"binary_name":"calibre-bin","binary_version":"2.55.0+dfsg-1ubuntu0.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/calibre@3.21.0+dfsg-1build1?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.7.0+dfsg-2","3.7.0+dfsg-2build1","3.12.0+dfsg-1","3.13.0+dfsg-1","3.14.0+dfsg-1","3.15.0.1+dfsg-1","3.16.0+dfsg-1","3.16.0+dfsg-1build1","3.17.0+dfsg-1","3.17.0+dfsg-2","3.18.0+dfsg-1build1","3.19.0+dfsg-1","3.20.0+dfsg-1","3.21.0+dfsg-1","3.21.0+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre"
,"binary_version":"3.21.0+dfsg-1build1"},{"binary_name":"calibre-bin","binary_version":"3.21.0+dfsg-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/calibre@4.99.4+dfsg+really4.12.0-1ubuntu1?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.46.0+dfsg-1","4.2.0+dfsg-2","4.3.0+dfsg-1","4.3.0+dfsg-2","4.4.0+dfsg-1","4.5.0+dfsg-1","4.5.0+dfsg-2","4.5.0+dfsg-3","4.6.0+dfsg-1","4.7.0+dfsg-1","4.99.3+dfsg-2","4.99.4+dfsg-1","4.99.4+dfsg-1build1","4.99.4+dfsg+really4.10.0+py3-2","4.99.4+dfsg+really4.11.2-1","4.99.4+dfsg+really4.11.2-1build1","4.99.4+dfsg+really4.12.0-1","4.99.4+dfsg+really4.12.0-1build1","4.99.4+dfsg+really4.12.0-1ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre","binary_version":"4.99.4+dfsg+really4.12.0-1ubuntu1"},{"binary_name":"calibre-bin","binary_version":"4.99.4+dfsg+really4.12.0-1ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/calibre@5.37.0+dfsg-1build1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.25.0+dfsg-2","5.33.2+dfsg-1","5.34.0+dfsg-1","5.35.0+dfsg-1ubuntu2","5.37.0+dfsg-1","5.37.0+dfsg-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre","binary_version":"5.37.0+dfsg-1build1"},{"binary_name":"calibre-bin","binary_version":"5.37.0+dfsg-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/calibre@7.6.0+ds-1build1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYST
EM","events":[{"introduced":"0"}]}],"versions":["6.24.0+ds-1","6.29.0+ds-1","7.0.0+ds-1","7.1.0+ds-1","7.1.0+ds-2","7.2.0+ds-1","7.2.0+ds-1build1","7.3.0+ds-1","7.4.0+ds-1","7.5.1+ds-1","7.5.1+ds-2","7.5.1+ds-3","7.6.0+ds-1","7.6.0+ds-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre","binary_version":"7.6.0+ds-1build1"},{"binary_name":"calibre-bin","binary_version":"7.6.0+ds-1build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}},{"package":{"name":"calibre","ecosystem":"Ubuntu:26.04","purl":"pkg:deb/ubuntu/calibre@9.2.1+ds+~0.10.5-2build1?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.8.0+ds-3build1","8.13.0+ds+~0.10.5-3","8.14.0+ds+~0.10.5-1","8.15.0+ds+~0.10.5-1","8.16.0+ds+~0.10.5-2","8.16.2+ds+~0.10.5-1","8.16.2+ds+~0.10.5-2","8.16.2+ds+~0.10.5-3","9.2.1+ds+~0.10.5-2build1"],"ecosystem_specific":{"binaries":[{"binary_name":"calibre","binary_version":"9.2.1+ds+~0.10.5-2build1"},{"binary_name":"calibre-bin","binary_version":"9.2.1+ds+~0.10.5-2build1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7009.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}