The mobi_parse_mobiheader function in read.c in libmobi version 0.3 allows remote attackers to cause an information disclosure (heap-buffer-overflow out-of-bounds read) via a crafted mobi file.
babc700fdfbf7569414cc4b5cc9368b9e9d4a00a0985a70e4dbb9bbe3dcd9824