CVE-2011-4125

CRITICAL EPSS 80.7%
Published Oct 27, 2021 (4y ago) · Modified Jun 16, 2026 (2w ago)
9.8 CVSS 3.1
Critical

Description

An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c, allowing unprivileged users to execute any program as root.

CVSS Details

Base Score
9.8
Exploitability
3.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
80.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-426

Affected Products 1

Vendor | Product | Version | Range
calibre-ebook | calibre | * | any

References 4

  • bugs.launchpad.net https://bugs.launchpad.net/calibre/+bug/885027
    Exploit, Issue Tracking, Third Party Advisory
  • git.zx2c4.com https://git.zx2c4.com/calibre-mount-helper-exploit/about/
    Exploit, Third Party Advisory
  • lwn.net https://lwn.net/Articles/464824/
    Not Applicable, Third Party Advisory
  • openwall.com https://www.openwall.com/lists/oss-security/2011/11/02/2
    Mailing List, Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.