==========================================================================
Ubuntu Security Notice USN-7638-1
July 16, 2025

libmobi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in Libmobi.

Software Description:
- libmobi: C library for handling Kindle (MOBI) formats of ebook documents

Details:

It was discovered that Libmobi did not correctly handle certain memory
operations, which could lead to a buffer overflow. A local attacker
could possibly trigger this vulnerability to cause a denial of service.
(CVE-2022-1907, CVE-2022-1908)

It was discovered that Libmobi could dereference a NULL pointer via the
component mobi_buffer_getpointer. A local attacker could possibly
trigger this vulnerability to cause a denial of service.
(CVE-2022-29788)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
  libmobi0                        0.9+dfsg1-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7638-1
  CVE-2022-1907, CVE-2022-1908, CVE-2022-29788