CVE-2025-2175 Information

Description

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Reference

https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf https://vuldb.com/?ctiid.299204 https://vuldb.com/?id.299204 https://vuldb.com/?submit.512801

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

4.3