libmobi_project CVE Vulnerabilities & Metrics

Focus on libmobi_project vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About libmobi_project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with libmobi_project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total libmobi_project CVEs: 21
Earliest CVE date: 30 May 2018, 13:29 UTC
Latest CVE date: 01 Jul 2022, 09:15 UTC

Latest CVE reference: CVE-2022-2279

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical libmobi_project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.3

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	18
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS libmobi_project CVEs

These are the five CVEs with the highest CVSS scores for libmobi_project, sorted by severity first and recency.

CVE-2021-3881 libmobi_project Published on 15 Oct 2021, 14:15 UTC (CVSS: 7.5)
libmobi is vulnerable to Out-of-bounds Read
CVE-2021-3751 libmobi_project Published on 15 Sep 2021, 07:15 UTC (CVSS: 7.5)
libmobi is vulnerable to Out-of-bounds Write
CVE-2018-11726 libmobi_project Published on 19 Jun 2018, 21:29 UTC (CVSS: 6.8)
The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
CVE-2018-11724 libmobi_project Published on 19 Jun 2018, 21:29 UTC (CVSS: 6.8)
The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.
CVE-2018-11438 libmobi_project Published on 30 May 2018, 13:29 UTC (CVSS: 6.8)
The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.

All CVEs for libmobi_project

CVE-2022-2279 libmobi_project vulnerability CVSS: 4.3 01 Jul 2022, 09:15 UTC

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-1987 libmobi_project vulnerability CVSS: 5.8 03 Jun 2022, 08:15 UTC

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-29788 libmobi_project vulnerability CVSS: 4.3 02 Jun 2022, 14:15 UTC

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.

CVE-2022-1908 libmobi_project vulnerability CVSS: 5.8 27 May 2022, 09:15 UTC

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-1907 libmobi_project vulnerability CVSS: 5.8 27 May 2022, 09:15 UTC

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

CVE-2022-1534 libmobi_project vulnerability CVSS: 3.6 29 Apr 2022, 11:15 UTC

Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.

CVE-2022-1533 libmobi_project vulnerability CVSS: 4.6 29 Apr 2022, 11:15 UTC

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution.

CVE-2021-3889 libmobi_project vulnerability CVSS: 5.8 19 Oct 2021, 13:15 UTC

libmobi is vulnerable to Use of Out-of-range Pointer Offset

CVE-2021-3888 libmobi_project vulnerability CVSS: 5.8 19 Oct 2021, 13:15 UTC

libmobi is vulnerable to Use of Out-of-range Pointer Offset

CVE-2021-3881 libmobi_project vulnerability CVSS: 7.5 15 Oct 2021, 14:15 UTC

libmobi is vulnerable to Out-of-bounds Read

CVE-2021-3751 libmobi_project vulnerability CVSS: 7.5 15 Sep 2021, 07:15 UTC

libmobi is vulnerable to Out-of-bounds Write

CVE-2018-11726 libmobi_project vulnerability CVSS: 6.8 19 Jun 2018, 21:29 UTC

The mobi_decode_font_resource function in util.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

CVE-2018-11725 libmobi_project vulnerability CVSS: 4.3 19 Jun 2018, 21:29 UTC

The mobi_parse_index_entry function in index.c in Libmobi 0.3 allows remote attackers to cause an information disclosure (heap-based buffer over-read) via a crafted mobi file.

CVE-2018-11724 libmobi_project vulnerability CVSS: 6.8 19 Jun 2018, 21:29 UTC

The mobi_pk1_decrypt function in encryption.c in Libmobi 0.3 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted mobi file.

CVE-2018-11438 libmobi_project vulnerability CVSS: 6.8 30 May 2018, 13:29 UTC

The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.

CVE-2018-11437 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.

CVE-2018-11436 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.

CVE-2018-11435 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.

CVE-2018-11434 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.

CVE-2018-11433 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.

CVE-2018-11432 libmobi_project vulnerability CVSS: 4.3 30 May 2018, 13:29 UTC

The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.