21 matches found
CVE-2022-1534
CVE-2022-1534 affects the LibMobi project (bfabiszewski/libmobi) prior to version 0.11. The issue is a buffer over-read at parse_rawml.c:1416, causing reads past the end of the intended buffer. This can lead to leakage of memory contents or a denial via crash. No exploit details are provided in t...
CVE-2022-1533
CVE-2022-1533 affects the GitHub repository bfabiszewski/libmobi, with a Buffer Over-read in libmobi prior to 0.11. The flaw is described as capable of arbitrary code execution. The issue is documented across multiple feeds (NVD, OSV, Debian/Ubuntu trackers, and related Nessus entry), consistentl...
CVE-2022-2279
CVE-2022-2279 : NULL Pointer Dereference in the GitHub project libmobi (bfabiszewski/libmobi) prior to 0.11. Affected component: the libmobi codebase; root cause: NULL pointer dereference. Impact information in public feeds ranges from medium to high for availability depending onCVSS variant; exp...
CVE-2022-1987
CVE-2022-1987 describes a Buffer Over-read in the GitHub repository bfabiszewski/libmobi prior to 0.11. The vulnerability affects libmobi before version 0.11 and is due to a buffer over-read; CVSS details in the initial record indicate a network attack vector with high impact on confidentiality a...
CVE-2022-29788
Libmobi before v0.10 contains a NULL pointer dereference in mobi_buffer_getpointer, allowing a crafted MOBI file to trigger a Denial of Service. This is documented across multiple sources (CVE-2022-29788) and is confirmed by NVD/OSV entries. Affected component is the Libmobi library; impact is Do...
CVE-2022-1908
CVE-2022-1908 affects Libmobi (the MOBI-handling C library) up to version 0.11, with a Buffer Over-read vulnerability. Public records describe memory-operation weaknesses that can lead to a buffer overflow and potential DoS when exploited locally; several advisories/assessments (Ubuntu USN 7638-1...
CVE-2021-3888
CVE-2021-3888 affects libmobi. The vulnerability is a buffer-overread/write caused by out-of-range pointer offsets in the Huffman-based decoding path, where the code does not validate index bounds for symbols before accessing symbol data. This can lead to memory reads/writes beyond allocated buff...
CVE-2021-3751
CVE-2021-3751 affects libmobi, a C library for Mobipocket/Kindle MOBI handling. The connected documents describe an out-of-bounds write in mobi_buffer_move that can cause heap/write-after-bounds and, in the PoC, remote code execution via crafted input (RCE by overwriting control-flow memory). The...
CVE-2018-11432
The connected documents confirm a vulnerability in Libmobi version 0.3 affecting the mobi_parse_mobiheader function in read.c, where a crafted MOBI file can cause information disclosure via a heap-based buffer over-read. This is a remote-triggered flaw with potential partial confidentiality impac...
CVE-2021-3889
CVE-2021-3889 affects Libmobi, a C library for MOBI/Kindle formats. Connected sources describe an out-of-bounds read in mobi_decompress_huffman_internal caused by unsafe Huffman code_length handling, leading to a heap-buffer-overflow and potential memory disclosure or crash when processing input....
CVE-2022-1907
Libmobi (bfabiszewski/libmobi) prior to 0.11 has a memory-handling flaw resulting in a Buffer Over-read/Overflow in the mobi buffer handling (mobi_buffer_getpointer), with potential denial-of-service impact. Multiple sources document CVE-2022-1907 across Linux distributions (Ubuntu USN-7638-1, De...
CVE-2018-11438
CVE-2018-11438 affects Libmobi 0.3. The vulnerability resides in mobi_decompress_lz77 (compression.c) and allows remote code execution via a crafted MOBI file, caused by a heap-based buffer overflow. Confirmed affected component is Libmobi 0.3; the issue is exploitable over the network through cr...
CVE-2018-11725
The CVE-2018-11725 vulnerability affects Libmobi 0.3, where mobi_parse_index_entry (in index.c) can be exploited by a crafted MOBI file to trigger a heap-based buffer over-read, enabling information disclosure. This is a remote issue with no explicit exploit details provided in the documents. Imp...
CVE-2021-3881
CVE-2021-3881 affects libmobi and is a buffer/Out-of-bounds Read vulnerability in mobi_decompress_huffman_internal. The root cause is unsafe decompressing of user input in Huffman processing, where code_length can exceed the maxcode_table size, enabling reads beyond allocated buffers. Proof-of-co...
CVE-2018-11434
The CVE-2018-11434 vulnerability affects Libmobi 0.3, where the buffer_fill64 function in compression.c can cause a heap-based information disclosure when processing specially crafted MOBI files. The issue is a heap-based over-read introduced in the affected code path, enabling potential leakage ...
CVE-2018-11433
CVE-2018-11433 affects Libmobi 0.3. The vulnerability lies in mobi_get_kf8boundary_seqnumber (util.c), which can disclose memory via a crafted MOBI file due to a heap-based buffer over-read. Remote attackers could exploit this by using a specially crafted MOBI, enabling information disclosure. Th...
CVE-2018-11435
Libmobi 0.3 is affected by a vulnerability in the function mobi_decompress_huffman_internal in compression.c, which allows a remote attacker to cause information disclosure via a crafted MOBI file, manifesting as a read access violation. This is corroborated across multiple sources (NVD/NVD-based...
CVE-2018-11437
The CVE-2018-11437 entry concerns Libmobi 0.3, where the mobi_reconstruct_parts function in parse_rawml.c can disclose information via a specially crafted MOBI file. The vulnerability is described as a read access disclosure, triggered by crafted input. No exploit details, affected versions beyon...
CVE-2018-11726
Libmobi 0.3 is affected by a vulnerability in mobi_decode_font_resource (util.c) that can be triggered by a crafted MOBI file, causing a heap-based buffer overflow with remote DoS or possible other impact. The Connected documents corroborate Libmobi 0.3 as the vulnerable version; no remediation o...
CVE-2018-11724
The vulnerability CVE-2018-11724 affects Libmobi 0.3, specifically the mobi_pk1_decrypt function in encryption.c. A crafted mobi file can trigger a heap-based buffer overflow, allowing remote attackers to cause a denial of service and, per the entry, potentially other unspecified impact. Details ...
CVE-2018-11436
CVE-2018-11436 affects Libmobi version 0.3. The vulnerability is in the buffer_addraw function of buffer.c, enabling a remote attacker to disclose information via a crafted MOBI file due to a heap-based over-read. The exploitation vector and impact are described as information disclosure; no in-w...