CVE-2022-29788 — Vulnetix

CVE-2022-29788 PUBLISHED CVSS 6.5 MEDIUM

libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file.

EPSS 0.31% · 54.7th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.31%

54.7th percentile

Affected Products

Vendor	Product	Versions
libmobi_project	libmobi	0
n/a	n/a	n/a

Exploit Intelligence

https://github.com/bfabiszewski/libmobi/commit/ce0ab6586069791b1e8e2a42f44318e581c39939 (circl)

Timeline

Jun 2, 2022 CVE Published
Jun 3, 2022 EPSS Score
Jul 22, 2022 EPSS Score
Sep 9, 2022 EPSS Score
Oct 27, 2022 EPSS Score
Dec 15, 2022 EPSS Score
Feb 1, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 22, 2023 EPSS Score
May 9, 2023 EPSS Score
Jun 27, 2023 EPSS Score
Aug 14, 2023 EPSS Score

References

https://github.com/bfabiszewski/libmobi/commit/ce0ab6586069791b1e8e2a42f44318e581c39939 url
https://nvd.nist.gov/vuln/detail/CVE-2022-29788 advisory

Open in Interactive Console →