Lucene search
K
Libmobi ProjectLibmobi

21 matches found

CVE
CVE
added 2022/04/29 10:15 a.m.81 views

CVE-2022-1534

CVE-2022-1534 affects the LibMobi project (bfabiszewski/libmobi) prior to version 0.11. The issue is a buffer over-read at parse_rawml.c:1416, causing reads past the end of the intended buffer. This can lead to leakage of memory contents or a denial via crash. No exploit details are provided in t...

7.1CVSS6.5AI score0.00342EPSS
CVE
CVE
added 2022/04/29 10:15 a.m.78 views

CVE-2022-1533

CVE-2022-1533 affects the GitHub repository bfabiszewski/libmobi, with a Buffer Over-read in libmobi prior to 0.11. The flaw is described as capable of arbitrary code execution. The issue is documented across multiple feeds (NVD, OSV, Debian/Ubuntu trackers, and related Nessus entry), consistentl...

7.8CVSS7.2AI score0.00395EPSS
CVE
CVE
added 2022/07/01 8:15 a.m.70 views

CVE-2022-2279

CVE-2022-2279 : NULL Pointer Dereference in the GitHub project libmobi (bfabiszewski/libmobi) prior to 0.11. Affected component: the libmobi codebase; root cause: NULL pointer dereference. Impact information in public feeds ranges from medium to high for availability depending onCVSS variant; exp...

6.6CVSS5.5AI score0.00582EPSS
CVE
CVE
added 2022/06/03 7:50 a.m.68 views

CVE-2022-1987

CVE-2022-1987 describes a Buffer Over-read in the GitHub repository bfabiszewski/libmobi prior to 0.11. The vulnerability affects libmobi before version 0.11 and is due to a buffer over-read; CVSS details in the initial record indicate a network attack vector with high impact on confidentiality a...

8.1CVSS5.7AI score0.00782EPSS
CVE
CVE
added 2022/06/02 1:2 p.m.64 views

CVE-2022-29788

Libmobi before v0.10 contains a NULL pointer dereference in mobi_buffer_getpointer, allowing a crafted MOBI file to trigger a Denial of Service. This is documented across multiple sources (CVE-2022-29788) and is confirmed by NVD/OSV entries. Affected component is the Libmobi library; impact is Do...

6.5CVSS6.1AI score0.00795EPSS
CVE
CVE
added 2022/05/27 8:35 a.m.60 views

CVE-2022-1908

CVE-2022-1908 affects Libmobi (the MOBI-handling C library) up to version 0.11, with a Buffer Over-read vulnerability. Public records describe memory-operation weaknesses that can lead to a buffer overflow and potential DoS when exploited locally; several advisories/assessments (Ubuntu USN 7638-1...

8.1CVSS5.8AI score0.00668EPSS
CVE
CVE
added 2021/10/19 12:30 p.m.54 views

CVE-2021-3888

CVE-2021-3888 affects libmobi. The vulnerability is a buffer-overread/write caused by out-of-range pointer offsets in the Huffman-based decoding path, where the code does not validate index bounds for symbols before accessing symbol data. This can lead to memory reads/writes beyond allocated buff...

8.1CVSS7.4AI score0.012EPSS
CVE
CVE
added 2021/09/15 6:40 a.m.50 views

CVE-2021-3751

CVE-2021-3751 affects libmobi, a C library for Mobipocket/Kindle MOBI handling. The connected documents describe an out-of-bounds write in mobi_buffer_move that can cause heap/write-after-bounds and, in the PoC, remote code execution via crafted input (RCE by overwriting control-flow memory). The...

9.8CVSS9.5AI score0.01237EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.49 views

CVE-2018-11432

The connected documents confirm a vulnerability in Libmobi version 0.3 affecting the mobi_parse_mobiheader function in read.c, where a crafted MOBI file can cause information disclosure via a heap-based buffer over-read. This is a remote-triggered flaw with potential partial confidentiality impac...

6.5CVSS6.2AI score0.01434EPSS
CVE
CVE
added 2021/10/19 12:30 p.m.49 views

CVE-2021-3889

CVE-2021-3889 affects Libmobi, a C library for MOBI/Kindle formats. Connected sources describe an out-of-bounds read in mobi_decompress_huffman_internal caused by unsafe Huffman code_length handling, leading to a heap-buffer-overflow and potential memory disclosure or crash when processing input....

8.1CVSS7.4AI score0.012EPSS
CVE
CVE
added 2022/05/27 8:30 a.m.48 views

CVE-2022-1907

Libmobi (bfabiszewski/libmobi) prior to 0.11 has a memory-handling flaw resulting in a Buffer Over-read/Overflow in the mobi buffer handling (mobi_buffer_getpointer), with potential denial-of-service impact. Multiple sources document CVE-2022-1907 across Linux distributions (Ubuntu USN-7638-1, De...

8.1CVSS5.8AI score0.0066EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.43 views

CVE-2018-11438

CVE-2018-11438 affects Libmobi 0.3. The vulnerability resides in mobi_decompress_lz77 (compression.c) and allows remote code execution via a crafted MOBI file, caused by a heap-based buffer overflow. Confirmed affected component is Libmobi 0.3; the issue is exploitable over the network through cr...

8.8CVSS8.8AI score0.02666EPSS
CVE
CVE
added 2018/06/19 9:0 p.m.43 views

CVE-2018-11725

The CVE-2018-11725 vulnerability affects Libmobi 0.3, where mobi_parse_index_entry (in index.c) can be exploited by a crafted MOBI file to trigger a heap-based buffer over-read, enabling information disclosure. This is a remote issue with no explicit exploit details provided in the documents. Imp...

6.5CVSS6.3AI score0.02539EPSS
CVE
CVE
added 2021/10/15 1:40 p.m.42 views

CVE-2021-3881

CVE-2021-3881 affects libmobi and is a buffer/Out-of-bounds Read vulnerability in mobi_decompress_huffman_internal. The root cause is unsafe decompressing of user input in Huffman processing, where code_length can exceed the maxcode_table size, enabling reads beyond allocated buffers. Proof-of-co...

9.8CVSS8.2AI score0.0112EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.41 views

CVE-2018-11434

The CVE-2018-11434 vulnerability affects Libmobi 0.3, where the buffer_fill64 function in compression.c can cause a heap-based information disclosure when processing specially crafted MOBI files. The issue is a heap-based over-read introduced in the affected code path, enabling potential leakage ...

6.5CVSS6.2AI score0.01434EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.40 views

CVE-2018-11433

CVE-2018-11433 affects Libmobi 0.3. The vulnerability lies in mobi_get_kf8boundary_seqnumber (util.c), which can disclose memory via a crafted MOBI file due to a heap-based buffer over-read. Remote attackers could exploit this by using a specially crafted MOBI, enabling information disclosure. Th...

6.5CVSS6.2AI score0.01434EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.39 views

CVE-2018-11435

Libmobi 0.3 is affected by a vulnerability in the function mobi_decompress_huffman_internal in compression.c, which allows a remote attacker to cause information disclosure via a crafted MOBI file, manifesting as a read access violation. This is corroborated across multiple sources (NVD/NVD-based...

6.5CVSS6.1AI score0.01436EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.39 views

CVE-2018-11437

The CVE-2018-11437 entry concerns Libmobi 0.3, where the mobi_reconstruct_parts function in parse_rawml.c can disclose information via a specially crafted MOBI file. The vulnerability is described as a read access disclosure, triggered by crafted input. No exploit details, affected versions beyon...

6.5CVSS6.1AI score0.01434EPSS
CVE
CVE
added 2018/06/19 9:0 p.m.37 views

CVE-2018-11726

Libmobi 0.3 is affected by a vulnerability in mobi_decode_font_resource (util.c) that can be triggered by a crafted MOBI file, causing a heap-based buffer overflow with remote DoS or possible other impact. The Connected documents corroborate Libmobi 0.3 as the vulnerable version; no remediation o...

8.8CVSS9AI score0.02546EPSS
CVE
CVE
added 2018/06/19 9:0 p.m.36 views

CVE-2018-11724

The vulnerability CVE-2018-11724 affects Libmobi 0.3, specifically the mobi_pk1_decrypt function in encryption.c. A crafted mobi file can trigger a heap-based buffer overflow, allowing remote attackers to cause a denial of service and, per the entry, potentially other unspecified impact. Details ...

8.8CVSS9AI score0.01551EPSS
CVE
CVE
added 2018/05/30 1:0 p.m.35 views

CVE-2018-11436

CVE-2018-11436 affects Libmobi version 0.3. The vulnerability is in the buffer_addraw function of buffer.c, enabling a remote attacker to disclose information via a crafted MOBI file due to a heap-based over-read. The exploitation vector and impact are described as information disclosure; no in-w...

6.5CVSS6.2AI score0.01434EPSS