CVE-2021-44686

calibre before 5.32.0 contains a regular expression that is vulnerable to ReDoS (Regular Expression Denial of Service) in htmlpreprocessrules in ebooks/conversion/preprocess.py.

References

Affected packages

Git / github.com/kovidgoyal/calibre

Affected ranges

Type

GIT

Repo

https://github.com/kovidgoyal/calibre

Events

Introduced

Fixed

f3ef3c85dd230b32d6955050111285ed82f04fef

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "5.32.0"
        }
    ]
}

Affected versions

0.*

0.9.33

0.9.34

0.9.35

0.9.36

0.9.37

v0.*

v0.9.38

v0.9.39

v0.9.40

v0.9.41

v0.9.42

v0.9.43

v0.9.44

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.16.0

v1.17.0

v1.18.0

v1.19.0

v1.2.0

v1.20.0

v1.21.0

v1.22.0

v1.23.0

v1.24.0

v1.25.0

v1.26.0

v1.27.0

v1.28.0

v1.29.0

v1.3.0

v1.30.0

v1.31.0

v1.32.0

v1.33.0

v1.34.0

v1.35.0

v1.36.0

v1.37.0

v1.38.0

v1.39.0

v1.4.0

v1.40.0

v1.41.0

v1.42.0

v1.43.0

v1.44.0

v1.45.0

v1.46.0

v1.47.0

v1.48.0

v1.5.0

v1.6.0

v1.7.0

v1.8.0

v1.9.0

v2.*

v2.0.0

v2.1.0

v2.10.0

v2.11.0

v2.12.0

v2.13.0

v2.14.0

v2.15.0

v2.16.0

v2.17.0

v2.18.0

v2.19.0

v2.2.0

v2.20.0

v2.21.0

v2.22.0

v2.23.0

v2.24.0

v2.25.0

v2.26.0

v2.27.0

v2.28.0

v2.29.0

v2.3.0

v2.30.0

v2.31.0

v2.32.0

v2.32.1

v2.33.0

v2.34.0

v2.35.0

v2.36.0

v2.37.0

v2.37.1

v2.38.0

v2.39.0

v2.4.0

v2.40.0

v2.41.0

v2.42.0

v2.43.0

v2.44.0

v2.44.1

v2.45.0

v2.46.0

v2.47.0

v2.48.0

v2.49.0

v2.5.0

v2.50.0

v2.50.1

v2.51.0

v2.52.0

v2.53.0

v2.54.0

v2.55.0

v2.56.0

v2.57.0

v2.57.1

v2.58.0

v2.59.0

v2.6.0

v2.60.0

v2.61.0

v2.62.0

v2.63.0

v2.64.0

v2.65.0

v2.65.1

v2.66.0

v2.67.0

v2.68.0

v2.69.0

v2.7.0

v2.70.0

v2.71.0

v2.72.0

v2.73.0

v2.74.0

v2.75.0

v2.75.1

v2.76.0

v2.77.0

v2.78.0

v2.79.0

v2.79.1

v2.8.0

v2.80.0

v2.81.0

v2.82.0

v2.83.0

v2.84.0

v2.85.0

v2.85.1

v2.9.0

v3.*

v3.0.0

v3.1.0

v3.1.1

v3.10.0

v3.11.0

v3.11.1

v3.12.0

v3.13.0

v3.14.0

v3.15.0

v3.16.0

v3.17.0

v3.18.0

v3.19.0

v3.2.0

v3.2.1

v3.20.0

v3.21.0

v3.22.0

v3.22.1

v3.23.0

v3.24.0

v3.24.1

v3.24.2

v3.25.0

v3.26.0

v3.26.1

v3.27.0

v3.27.1

v3.28.0

v3.29.0

v3.3.0

v3.30.0

v3.31.0

v3.32.0

v3.33.0

v3.33.1

v3.34.0

v3.35.0

v3.36.0

v3.37.0

v3.38.0

v3.38.1

v3.39.0

v3.39.1

v3.4.0

v3.40.0

v3.40.1

v3.41.0

v3.41.1

v3.41.2

v3.41.3

v3.42.0

v3.43.0

v3.44.0

v3.45.0

v3.45.1

v3.45.2

v3.46.0

v3.47.0

v3.48.0

v3.5.0

v3.6.0

v3.7.0

v3.8.0

v3.9.0

v4.*

v4.0.0

v4.1.0

v4.10.0

v4.10.1

v4.11.0

v4.11.1

v4.11.2

v4.12.0

v4.13.0

v4.14.0

v4.15.0

v4.16.0

v4.17.0

v4.18.0

v4.19.0

v4.2.0

v4.20.0

v4.21.0

v4.22.0

v4.23.0

v4.3.0

v4.4.0

v4.5.0

v4.6.0

v4.7.0

v4.8.0

v4.9.0

v4.9.1

v4.99.17

v5.*

v5.0.0

v5.0.1

v5.1.0

v5.10.0

v5.10.1

v5.11.0

v5.12.0

v5.13.0

v5.14.0

v5.15.0

v5.16.0

v5.16.1

v5.17.0

v5.18.0

v5.19.0

v5.2.0

v5.20.0

v5.21.0

v5.22.0

v5.22.1

v5.23.0

v5.24.0

v5.25.0

v5.26.0

v5.27.0

v5.28.0

v5.29.0

v5.3.0

v5.30.0

v5.31.0

v5.31.1

v5.4.0

v5.4.1

v5.4.2

v5.5.0

v5.6.0

v5.7.0

v5.7.1

v5.7.2

v5.8.0

v5.8.1

v5.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-44686.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    }
]