CVE-2022-1908

8.1 HIGH

📋 TL;DR

CVE-2022-1908 is a buffer over-read in libmobi, a C library for reading MOBI ebook files, in versions before 0.11. A crafted MOBI file makes the parser read past the end of an allocated buffer, which can crash the process or leak the memory that sits next to that buffer. Any application that parses untrusted MOBI files with a vulnerable libmobi is affected; the attacker only needs a victim, or an unattended conversion pipeline, to process the file.

💻 Affected Systems

Products:
  • libmobi
  • Applications using libmobi for MOBI file processing
Versions: All versions prior to 0.11
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: There is no configuration switch that turns the parser off; any application that hands untrusted MOBI files to a vulnerable libmobi is exposed, including unattended conversion or indexing pipelines.

📦 What is this software?

libmobi is an open-source C library by Bartek Fabiszewski for reading, converting and editing ebooks in the Mobipocket/Kindle formats (MOBI, PRC, AZW, AZW3/KF8). It ships the command-line tools mobitool and mobimeta and is embedded by ebook converters, readers and indexing services that need to open MOBI files.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Disclosure of heap memory adjacent to the over-read buffer: other documents being processed, or credentials and keys held by the same process. An over-read on its own cannot execute code, but a leaked pointer value can defeat ASLR and make a second memory-safety bug exploitable.

🟠

Likely Case

A crash of the parsing process (denial of service) when the out-of-bounds read crosses into an unmapped page, or a limited leak of the process's own heap. Reads that stay inside mapped memory often go unnoticed or only show up as garbage in the converted output.

🟢

If Mitigated

If the parser runs in a sandboxed, low-privilege worker that holds no secrets, the worst outcome is the loss of that worker with nothing exposed. ASLR and DEP do not prevent an over-read; it is a read of already-mapped memory, not code execution, so those mitigations only make a follow-on exploit harder.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The only precondition is that a vulnerable application opens or processes the attacker's MOBI file: that means user interaction on a desktop, but none at all against an unattended conversion or indexing service. A proof-of-concept file is attached to the public bug-bounty report.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.11 and later

Vendor Advisory: https://github.com/bfabiszewski/libmobi/commit/1e0378e6f9e4ae415cedc9eb10850888897c5dba

Restart Required: Yes for running processes. A patched shared library is only used by processes started after the update; a statically linked or vendored copy needs a rebuild.

Instructions:

1. Update libmobi to version 0.11 or later (distribution package or a build from the tagged source).
2. Rebuild and redeploy any application that statically links or vendors libmobi; a bundled copy is not fixed by updating the system library.
3. Restart every process that still has the old shared library loaded, then confirm the version as described under How to Verify.

🔧 Temporary Workarounds

Disable MOBI file processing (applies to: all platforms)

Prevent applications from processing MOBI files if the feature is not required.

Use file type restrictions (applies to: all platforms)

Configure applications to reject MOBI files from untrusted sources, identifying them by content (the PDB type/creator "BOOKMOBI" at file offset 60) rather than by extension alone, since a renamed file bypasses an extension filter.

🧯 If You Can't Patch

  • Implement strict file validation that blocks MOBI files from untrusted sources by content (the PDB type/creator "BOOKMOBI" at offset 60), not only by extension
  • Run the MOBI parser in an isolated, low-privilege worker process (seccomp, AppArmor or a container) that holds no credentials, so a crash or leak stays inside the worker; ASLR and DEP do not stop an over-read, which reads already-mapped memory rather than executing code
  • Build test and fuzzing copies with AddressSanitizer so over-reads surface as reports instead of silently returning neighbouring memory
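The content check suggested above, as an added example that is not part of this advisory or of libmobi: a POSIX shell gate that identifies MOBI files by their Palm Database header rather than by extension. The header layout it relies on (the 4-byte type at offset 60 and the 4-byte creator at offset 64, "BOOKMOBI" for Mobipocket/Kindle books and "TEXtREAd" for PalmDOC text) is the public PDB format; the function names and the two sample files are constructed for the example.

```sh
#!/bin/sh
# Added example (not from the advisory or the libmobi project): gate uploads on the
# file's content rather than its extension. Fact used: MOBI files are Palm Database
# (PDB) containers whose 78-byte header stores the 4-byte "type" at offset 60 and the
# 4-byte "creator" at offset 64, i.e. "BOOKMOBI" for Kindle/Mobipocket books and
# "TEXtREAd" for classic PalmDOC text. File names and sample contents are constructed.

# pdb_signature FILE -> prints the 8 bytes at offset 60 (type + creator), or nothing
pdb_signature() {
    # tail -c +61 starts output at byte 61 (1-based), i.e. it skips the first 60 bytes
    tail -c +61 "$1" 2>/dev/null | head -c 8
}

# is_mobi_file FILE -> exit 0 if the container is one libmobi would try to parse
is_mobi_file() {
    case "$(pdb_signature "$1")" in
        BOOKMOBI|TEXtREAd) return 0 ;;
        *) return 1 ;;
    esac
}

# gate_upload FILE -> "reject" for MOBI/PalmDOC content, "accept" for anything else
gate_upload() {
    if is_mobi_file "$1"; then echo reject; else echo accept; fi
}

# make_samples -> creates a temp dir with two constructed files and prints its path:
#   disguised.pdf  a minimal 78-byte PDB header carrying "BOOKMOBI", renamed to .pdf
#   harmless.mobi  plain text with a .mobi extension (an extension filter would block it)
make_samples() {
    dir=$(mktemp -d)
    { head -c 60 /dev/zero; printf 'BOOKMOBI'; head -c 10 /dev/zero; } > "$dir/disguised.pdf"
    printf 'just text, not a PDB container\n' > "$dir/harmless.mobi"
    echo "$dir"
}

# Stand-alone run: print the decision for each constructed sample
samples=$(make_samples)
for f in "$samples"/*; do
    echo "$f: $(gate_upload "$f")"
done
rm -rf "$samples"
```

The renamed file is rejected and the mislabelled text file is accepted, which is the opposite of what an extension filter would do. The gate is deliberately coarse: it only makes sense where the service has no business handling MOBI content at all.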

🔍 How to Verify

Check if Vulnerable:

There is no mobi_version shell command; mobi_version() is a function in libmobi's C API that returns the library's version string, which is what the hint refers to. From a shell, ask pkg-config (if libmobi was installed with its .pc file), the bundled mobitool, or your package manager, and check applications that vendor or statically link libmobi separately, because the system library tells you nothing about them.

Check Version:

pkg-config --modversion libmobi 2>/dev/null || mobitool -v 2>/dev/null || echo "libmobi not found on PATH; check the application's bundled dependencies"

Verify Fix Applied:

Confirm the reported version is 0.11 or later; for a vendored copy, confirm the source includes commit 1e0378e6f9e4ae415cedc9eb10850888897c5dba. For behavioural confirmation, run the public proof-of-concept file against a build instrumented with AddressSanitizer (-fsanitize=address). A crash-free run of an ordinary build proves nothing, because an over-read that stays inside mapped memory does not crash.
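A version check built from the commands above, as an added example rather than anything the advisory or libmobi provides. It assumes libmobi's pkg-config module is called libmobi and that mobitool reports its version with -v, and treats both lookups as best effort; the numeric comparison is the point, since a string compare would rank 0.9 above 0.11.

```sh
#!/bin/sh
# Added example (not from the advisory or the libmobi project): report whether an
# installed libmobi predates the 0.11 fix. Assumptions: the library's pkg-config
# module is named "libmobi" and the bundled mobitool prints its version with -v;
# both lookups are best-effort and the script says so when neither works.

FIXED_VERSION="0.11"

# version_ge A B -> exit 0 if dotted version A is >= B, comparing up to four
# components numerically (so 0.9 < 0.11). A packaging suffix such as "0.11-1" is cut
# off at the first non-digit; pre-release tags are not distinguished from the release.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        y=$(printf '%s\n' "$b" | cut -d. -f"$i" | sed 's/[^0-9].*//')
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# libmobi_status VERSION -> "fixed" or "vulnerable" with respect to CVE-2022-1908
libmobi_status() {
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; else echo vulnerable; fi
}

# detect_libmobi_version -> prints the installed version; exit 1 if none can be found
detect_libmobi_version() {
    v=$(pkg-config --modversion libmobi 2>/dev/null) && [ -n "$v" ] && { echo "$v"; return 0; }
    v=$(mobitool -v 2>/dev/null | grep -o '[0-9][0-9.]*' | head -n 1) && [ -n "$v" ] && { echo "$v"; return 0; }
    return 1
}

# main -> prints the verdict; exit 0 fixed, 1 vulnerable, 2 version unknown
main() {
    v=$(detect_libmobi_version) || {
        echo "libmobi not found via pkg-config or mobitool; check the application's bundled or vendored copy"
        return 2
    }
    s=$(libmobi_status "$v")
    echo "libmobi $v: $s (CVE-2022-1908 fixed in $FIXED_VERSION)"
    [ "$s" = fixed ]
}

# rc carries the verdict for CI use (0 fixed, 1 vulnerable, 2 unknown)
main "$@" && rc=0 || rc=$?
```

Run it on each host that converts or indexes MOBI files; for an application that ships its own libmobi, point the comparison at the vendored copy's version instead, because the system result does not cover it.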

📡 Detection & Monitoring

Log Indicators:

  • Crashes of the process that parses MOBI files, such as kernel "segfault at ... error 4 in libmobi.so..." lines; fault code 4 or 5 is a user-mode read fault, which is what an over-read produces, while 6 or 7 is a write
  • Segmentation fault or memory access violation entries in application logs that mention a MOBI file or libmobi
  • AddressSanitizer "heap-buffer-overflow ... READ of size" reports with libmobi stack frames, on instrumented test or fuzzing builds
  • Caveat: an over-read only crashes when it crosses into an unmapped page; reads that stay within the heap leave no crash log and may only show up as garbage in converted output

Network Indicators:

  • MOBI file downloads from suspicious sources, and uploads of MOBI content (PDB type/creator "BOOKMOBI" at file offset 60) to services that convert or index ebooks

SIEM Query:

source="application.log" AND ("segmentation fault" OR "segfault" OR "access violation") AND "mobi"

The query matches per line. An AddressSanitizer report spreads the fault type and the libmobi stack frame over several lines, so it needs to be joined into one event before a query like this can see it.
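The same detection logic run locally, as an added example that is not part of this advisory or of libmobi. The log lines are constructed for the example; the formats borrowed are the Linux kernel's "segfault at ... error N in <lib>" message and the AddressSanitizer report layout, while every host name, path, process name and address is made up. It also decodes the kernel fault code into read versus write and handles the multi-line ASan case that a per-line AND misses.

```sh
#!/bin/sh
# Added example (not from the advisory or the libmobi project): the SIEM logic above,
# run locally over constructed log lines. Real formats used: the Linux kernel's
# "segfault at ... error N in <lib>" line and the AddressSanitizer report layout;
# every host name, path, process name and address below is made up.

SAMPLE_LOG='May 12 10:01:02 host1 kernel: ebook-worker[4321]: segfault at 7f1c0a2f1000 ip 00007f1c09e4c2a0 sp 00007ffd1e3c4b40 error 4 in libmobi.so.0[7f1c09e40000+2d000]
May 12 10:01:03 host1 ebook-worker[4322]: converting /srv/uploads/book.mobi
May 12 10:01:03 host1 ebook-worker[4322]: Segmentation fault while processing /srv/uploads/book.mobi
May 12 10:02:10 host1 imageworker[4400]: segmentation fault in libpng
==4500==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000071 at pc 0x7f1c09e4c2a0 bp 0x7ffd1e3c4b40 sp 0x7ffd1e3c4b30
READ of size 1 at 0x602000000071 thread T0
    #0 0x7f1c09e4c2a0  (/usr/lib/libmobi.so.0+0xc2a0)
    #1 0x55d0c1a0e1f0  (/usr/bin/ebook-worker+0x21f0)
==4500==ABORTING
May 12 10:03:00 host1 kernel: ebook-worker[4600]: segfault at 0 ip 00007f1c0b1d2e10 sp 00007ffd1e3c4b40 error 6 in libfoo.so.1[7f1c0b1c0000+10000]'

# match_mobi_faults -> stdin log; prints lines that satisfy the advisory's per-line
# query: a fault keyword AND the token "mobi" on the same line
match_mobi_faults() {
    grep -iE 'segfault|segmentation fault|access violation' | grep -i 'mobi'
}

# segfault_access LINE -> "read" or "write" decoded from the kernel's fault code
# (bit 1 set means a write), "unknown" if the line carries no code; a read fault is
# what an over-read produces
segfault_access() {
    code=$(printf '%s\n' "$1" | sed -n 's/.* error \([0-9][0-9]*\) .*/\1/p')
    [ -n "$code" ] || { echo unknown; return 0; }
    if [ $((code & 2)) -ne 0 ]; then echo write; else echo read; fi
}

# asan_reports_in_libmobi -> stdin log; prints the header line of every
# AddressSanitizer report whose stack frames name libmobi. A report spans several
# lines, so the per-line AND above never sees it; the frames are joined to the header.
asan_reports_in_libmobi() {
    awk '
        function flush() { if (hdr != "" && inmobi) print hdr; hdr = ""; inmobi = 0 }
        /^==[0-9]+==ERROR: AddressSanitizer/ { flush(); hdr = $0; next }
        hdr != "" && /libmobi/             { inmobi = 1 }
        /^==[0-9]+==ABORTING/              { flush() }
        END                                { flush() }
    '
}

# Stand-alone run over the constructed sample
echo "per-line matches:"
printf '%s\n' "$SAMPLE_LOG" | match_mobi_faults | while IFS= read -r line; do
    echo "  $line"
    echo "  -> $(segfault_access "$line") fault"
done
echo "ASan reports with libmobi frames:"
printf '%s\n' "$SAMPLE_LOG" | asan_reports_in_libmobi
```

Two of the six fault lines survive the per-line query (the libpng crash and the write fault in libfoo are correctly dropped), and the ASan report is only found once its frames are joined back to the header; the kernel line's fault code 4 confirms a read fault, the signature of an over-read rather than a write overflow.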
