CVE-2018-11437

Name of the Vulnerable Software and Affected Versions Libmobi version 0.3

Description The issue allows remote attackers to cause information disclosure via a crafted mobi file, specifically through the mobi reconstruct parts function in parse rawml.c. This can lead to read access violation.

Recommendations For Libmobi version 0.3, consider avoiding the use of the mobi reconstruct parts function until a patch is available. As a temporary workaround, restrict the processing of crafted mobi files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.