{"id":"CVE-2021-3889","details":"libmobi is vulnerable to Use of Out-of-range Pointer Offset","modified":"2026-03-20T04:11:09.013922Z","published":"2021-10-19T13:15:11.977Z","references":[{"type":"FIX","url":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"type":"FIX","url":"https://huntr.dev/bounties/efb3e261-3f7d-4a45-8114-e0ace6b21516"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bfabiszewski/libmobi","events":[{"introduced":"0"},{"fixed":"40c21718a30e01ddffe4a16b6cbb2651d701d4ae"},{"fixed":"bec783e6212439a335ba6e8df7ab8ed610ca9a21"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.8"}]}}],"versions":["v0.2","v0.3","v0.4","v0.5","v0.6","v0.7"],"database_specific":{"vanir_signatures":[{"id":"CVE-2021-3889-8e24c8e7","target":{"file":"src/compression.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["60941633953866768929173956639993985641","183843454184476539211598106013255501549","143765066257043244895911758730691455220","147513665195283254971157146680447318182","140351231808443371633715668491813990186","296309073408020226762114275721447844600","127278800796710865628981060257648791801","101974956512608900157789862989947945076"]},"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-3889-bbe46003","target":{"function":"mobi_decompress_huffman_internal","file":"src/compression.c"},"signature_type":"Function","digest":{"length":1545,"function_hash":"4624666305156171928350655180407704292"},"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-3889-d75cbc27","target":{"function":"mobi_parse_huff","file":"src/read.c"},"signature_type":"Function","digest":{"length":1347,"function_hash":"15982606896711580559032318799110888001"},"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-3889-f6596980","target":{"file":"src/compression.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["320248425003798492802026060138869397908","53738011554090313359502918295970605591","80067300861157203983853007628640119367","229029659698259163062567162243171267234"]},"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21","deprecated":false,"signature_version":"v1"},{"id":"CVE-2021-3889-f796c5c2","target":{"file":"src/read.c"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["83711654140281194512571502054329484444","141291084972431703333183233355891047729","217331745260185525010947671041549721309","199430023177546943535288491088830199563"]},"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21","deprecated":false,"signature_version":"v1"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-3889.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H"}]}