Are There Any Malware Vulnerabilities in Calibre?
I download ebooks from a variety of sources. A few days ago I noticed a strange .mobi file ebook in my Calibre library. Its title suggested it was a German language dictionary. This is strange, as I am not German and do not speak the language. The creation date of this ebook was around 3 years ago in 2017. It is possible that I downloaded it somewhere by mistake, but I doubt it as I usually check what I download immediately.
I clicked on this ebook and it seemed to do nothing, so I cancelled it after a few seconds. It stated that the file was in use by some Python scripts. I think one of them was called introduction.py. I then clicked again to cancel it.
I then became suspicious and, after some investigation, discovered that ebooks can contain JavaScript. This JavaScript can contain malware which can exploit vulnerabilities in the host application.
I ran a full scan with Kaspersky Internet Security immediately after this and it reported no malware.
Does Calibre contain any vulnerabilities which can be exploited by JavaScript in ebook files? Should I be concerned about my recent experience or could this be something innocent? I am using Calibre version 3.42 running on Windows 10.