Libmobi
CVE-2018-11726
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
AnalysisAI
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file. Affected products include: Libmobi Project Libmobi.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).
libmobi is vulnerable to Out-of-bounds Read. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploita
libmobi is vulnerable to Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploit
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 8.1), this vulnerabi
libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remot
libmobi is vulnerable to Use of Out-of-range Pointer Offset. Rated high severity (CVSS 8.1), this vulnerability is remot
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVSS 7.8), this vulnerabi
Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated high severity (CVS
The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclos
The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-base
Same weakness CWE-787 – Out-of-bounds Write
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today