Skip to main content

Libmobi CVE-2018-11725

MEDIUM
Out-of-bounds Read (CWE-125)
2018-06-19 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 19, 2018 - 21:29 nvd
MEDIUM 6.5

DescriptionNVD

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.

AnalysisAI

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file. Affected products include: Libmobi Project Libmobi.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2021-3881 CRITICAL POC
9.8 Oct 15

libmobi is vulnerable to Out-of-bounds Read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita

CVE-2021-3751 CRITICAL POC
9.8 Sep 15

libmobi is vulnerable to Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit

CVE-2018-11438 HIGH POC
8.8 May 30

The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution

CVE-2022-1987 HIGH POC
8.1 Jun 03

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi

CVE-2022-1908 HIGH POC
8.1 May 27

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi

CVE-2022-1907 HIGH POC
8.1 May 27

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi

CVE-2021-3889 HIGH POC
8.1 Oct 19

libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remot

CVE-2021-3888 HIGH POC
8.1 Oct 19

libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remot

CVE-2022-1533 HIGH POC
7.8 Apr 29

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.8), this vulnerabi

CVE-2022-1534 HIGH POC
7.1 Apr 29

Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVS

CVE-2018-11437 MEDIUM POC
6.5 May 30

The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclos

CVE-2018-11436 MEDIUM POC
6.5 May 30

The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-base

Share

CVE-2018-11725 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy