CVE-2018-11432

Name of the Vulnerable Software and Affected Versions Libmobi version 0.3

Description The issue allows remote attackers to cause information disclosure through a heap-based buffer over-read via a crafted mobi file. This is due to a problem in the mobi parse mobiheader function in read.c.

Recommendations For Libmobi version 0.3, consider avoiding the use of the mobi parse mobiheader function until a patch is available. As a temporary workaround, restrict the processing of crafted mobi files to minimize the risk of exploitation.