CVE-2018-11435

Name of the Vulnerable Software and Affected Versions Libmobi version 0.3

Description The issue allows remote attackers to cause information disclosure via a crafted mobi file, specifically through a read access violation in the mobi decompress huffman internal function.

Recommendations For Libmobi version 0.3, consider avoiding the use of the mobi decompress huffman internal function until a patch is available. As a temporary workaround, restrict the processing of crafted mobi files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.