PT-2022-13937 · Libmobi · Libmobi

Bfabiszewski

Published

2022-04-29

Updated

2022-05-11

CVE-2022-1534

CVSS v3.1

6.6

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

Name of the Vulnerable Software and Affected Versions libmobi versions prior to 0.11

Description The issue is a buffer over-read that occurs at parse rawml.c:1416 in the GitHub repository bfabiszewski/libmobi. This bug causes the program to read data past the end of the intended buffer, which can allow attackers to read sensitive information from other memory locations or cause a crash.

Recommendations For versions prior to 0.11, update to version 0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update is applied.

Exploit

Fix

Buffer Over-read

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-126CWE-125

Related Identifiers

CVE-2022-1534

Affected Products

Libmobi

PT-2022-13937 · Libmobi · Libmobi

CVE-2022-1534

Weakness Enumeration

Related Identifiers

Affected Products

References · 11