{"id":"CVE-2021-3881","details":"libmobi is vulnerable to Out-of-bounds Read","modified":"2026-07-09T01:31:47.035044Z","published":"2021-10-15T14:15:07.907Z","references":[{"type":"FIX","url":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"type":"EVIDENCE","url":"https://huntr.dev/bounties/540fd115-7de4-4e19-a918-5ee61f5157c1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/bfabiszewski/libmobi","events":[{"introduced":"0"},{"last_affected":"c814c4aba4e090fa32805ff8ff459df6c2c61b5c"},{"fixed":"bec783e6212439a335ba6e8df7ab8ed610ca9a21"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"0.7"}],"cpe":"cpe:2.3:a:libmobi_project:libmobi:*:*:*:*:*:*:*:*","source":["CPE_RANGE","REFERENCES"]}}],"versions":["v0.7","v0.6","v0.5","v0.4","v0.3","v0.2"],"database_specific":{"vanir_signatures":[{"target":{"file":"src/compression.h"},"signature_type":"Line","id":"CVE-2021-3881-8e24c8e7","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["60941633953866768929173956639993985641","183843454184476539211598106013255501549","143765066257043244895911758730691455220","147513665195283254971157146680447318182","140351231808443371633715668491813990186","296309073408020226762114275721447844600","127278800796710865628981060257648791801","101974956512608900157789862989947945076"]},"deprecated":false,"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"target":{"function":"mobi_decompress_huffman_internal","file":"src/compression.c"},"signature_type":"Function","id":"CVE-2021-3881-bbe46003","signature_version":"v1","digest":{"function_hash":"4624666305156171928350655180407704292","length":1545},"deprecated":false,"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"target":{"function":"mobi_parse_huff","file":"src/read.c"},"signature_type":"Function","id":"CVE-2021-3881-d75cbc27","signature_version":"v1","digest":{"function_hash":"15982606896711580559032318799110888001","length":1347},"deprecated":false,"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"target":{"file":"src/compression.c"},"signature_type":"Line","id":"CVE-2021-3881-f6596980","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["320248425003798492802026060138869397908","53738011554090313359502918295970605591","80067300861157203983853007628640119367","229029659698259163062567162243171267234"]},"deprecated":false,"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"},{"target":{"file":"src/read.c"},"signature_type":"Line","id":"CVE-2021-3881-f796c5c2","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["83711654140281194512571502054329484444","141291084972431703333183233355891047729","217331745260185525010947671041549721309","199430023177546943535288491088830199563"]},"deprecated":false,"source":"https://github.com/bfabiszewski/libmobi/commit/bec783e6212439a335ba6e8df7ab8ed610ca9a21"}],"vanir_signatures_modified":"2026-07-09T01:31:47Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3881.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}