Civiledcode

**Name of the Vulnerable Software and Affected Versions** calibre versions 9.1.0 and earlier **Description** calibre is an e-book manager. A path traversal flaw exists in the EPUB conversion process. A crafted EPUB file can potentially corrupt existing files that the calibre process has write access to. During conversion, calibre resolves CipherReference URI from META-INF/encryption.xml to an absolute filesystem path and opens it in read-write mode, even if the path is outside the designated conversion directory. The vulnerability involves resolving a URI to a filesystem path and opening it in read-write mode. **Recommendations** Update to version 9.2.0 or later.