EPSS
Percentile
79.5%
gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.
bugzilla.redhat.com/show_bug.cgi?id=1553917