CVE-2021-3751

9.8 CRITICAL

📋 TL;DR

CVE-2021-3751 is an out-of-bounds write vulnerability in libmobi, a C library for parsing MOBI eBook files. Processing a specially crafted MOBI file triggers the write, which an attacker can use to crash the application (denial of service) or potentially execute arbitrary code. Any application or system that parses untrusted MOBI files with a vulnerable version of libmobi is affected.

💻 Affected Systems

Products:
  • libmobi
  • Applications using libmobi (e.g., eBook readers, document converters)
Versions: All versions before commit ab5bf0e37e540eac682a14e628853b918626e72b
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses libmobi to parse MOBI files is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crash (denial of service) or limited code execution within the application context.

🟢 If Mitigated: Application crash with no further impact, provided the parsing application runs sandboxed and with separated privileges.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the victim to open a malicious MOBI file. The vulnerability is in file parsing, so no authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit ab5bf0e37e540eac682a14e628853b918626e72b and later

Vendor Advisory: https://github.com/bfabiszewski/libmobi/commit/ab5bf0e37e540eac682a14e628853b918626e72b

Restart Required: No

Instructions:

1. Update libmobi to the latest version from the official repository.
2. Recompile any applications that statically link libmobi.
3. For dynamically linked applications, ensure the updated shared library is the one actually loaded (a process that was already running keeps the old copy mapped until it is restarted).

🔧 Temporary Workarounds

Disable MOBI file processing (all platforms): temporarily disable or block MOBI file processing in affected applications.

Use application sandboxing (all platforms): run applications that process MOBI files in restricted environments (containers, sandboxes) to limit the impact of a successful exploit.

🧯 If You Can't Patch

  • Implement strict file upload controls to block MOBI files from untrusted sources.
  • Use endpoint detection and response (EDR) tools to monitor for exploitation attempts and application crashes.

🔍 How to Verify

Check if Vulnerable:

Check the libmobi version or commit hash in use. If libmobi was installed from a package manager, compare the installed package version against the version that includes the patched commit.

Check Version:

For source installations: git log --oneline -1 shows the checked-out commit. For packages: dpkg -s libmobi (Debian-based Linux) or the equivalent query for your package manager.

Verify Fix Applied:

Verify that libmobi is at commit ab5bf0e37e540eac682a14e628853b918626e72b or at a later commit that includes it. If crash-reproducing MOBI samples are available, confirm that they no longer crash the patched build.
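A helper for the source-checkout case, added here as an example (it is not part of this advisory or of the libmobi project): git log -1 only shows the tip commit, so the reliable question is whether the fixing commit is reachable from HEAD. It assumes git is installed and the checkout is a full, non-shallow clone; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example for CVE-2021-3751, not libmobi project code.
# Assumes: git is installed and the checkout is a full (non-shallow) clone,
# so the fixing commit's history is available locally.

# Fixing commit named in the advisory above.
LIBMOBI_FIX_COMMIT="ab5bf0e37e540eac682a14e628853b918626e72b"

# libmobi_has_fix <repo-dir> [<fix-commit>]
#   exit 0  fix commit is HEAD or an ancestor of HEAD (patched)
#   exit 1  HEAD predates the fix (vulnerable)
#   exit 2  fix commit unknown to the repo (shallow clone, wrong repo, typo)
libmobi_has_fix() {
  local repo="$1" fix="${2:-$LIBMOBI_FIX_COMMIT}" head
  # cat-file -e with ^{commit} peeling fails unless the object really exists.
  if ! git -C "$repo" cat-file -e "${fix}^{commit}" 2>/dev/null; then
    echo "$repo: commit $fix not found (shallow clone or wrong repository?)" >&2
    return 2
  fi
  head=$(git -C "$repo" rev-parse --short HEAD)
  # merge-base --is-ancestor answers "is <fix> reachable from HEAD?",
  # which is the property that matters for "patched or not".
  if git -C "$repo" merge-base --is-ancestor "$fix" HEAD; then
    echo "$repo: HEAD $head includes fix $fix (patched)"
    return 0
  fi
  echo "$repo: HEAD $head predates fix $fix (vulnerable)" >&2
  return 1
}
```

Run it as libmobi_has_fix /path/to/libmobi and act on the exit code in CI or inventory scripts.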

📡 Detection & Monitoring

Log Indicators:

  • Application crashes or abnormal termination when processing MOBI files
  • Unexpected process spawning from eBook reader applications

Network Indicators:

  • Unusual outbound connections from applications that handle MOBI files

SIEM Query:

Example (process and event names are placeholders; adapt them to your SIEM's field names): (process_name:"ebook_reader" AND event_type:"crash") OR (process_name:"libmobi" AND event_type:"malicious_file_detected")
