CVE-2018-11725

MEDIUM

libmobi 0.3 - Out-of-bounds Read in mobi_parse_index_entry

Title source: llm
STIX 2.1

Description

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.

References (2)

Core 2
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jun/16

Scores

CVSS v3 6.5
EPSS 0.0254
EPSS Percentile 83.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-125
Status published
Products (1)
libmobi_project/libmobi 0.3
Published Jun 19, 2018
Tracked Since Feb 18, 2026