CVE-2011-4125
CRITICAL EPSS 80.7%
Published Oct 27, 2021 (4y ago) · Modified Jun 16, 2026 (2w ago)
9.8 CVSS 3.1
Description
An untrusted search path issue was found in Calibre at devices/linux_mount_helper.c leading to the ability of unprivileged users to execute any program as root.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability High
Threat Intelligence
EPSS Exploit Probability
80.7% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-426
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| calibre-ebook | calibre | * | any |
References 4
- bugs.launchpad.net https://bugs.launchpad.net/calibre/+bug/885027
- git.zx2c4.com https://git.zx2c4.com/calibre-mount-helper-exploit/about/
- lwn.net https://lwn.net/Articles/464824/
- openwall.com https://www.openwall.com/lists/oss-security/2011/11/02/2
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.