{"id":"MGASA-2025-0121","summary":"Updated zvbi packages fix security vulnerabilities","details":"A vulnerability was found in libzvbi up to 0.2.43. It has been\nclassified as problematic. Affected is the function\nvbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the\nargument src_length leads to uninitialized pointer. It is possible to\nlaunch the attack remotely. The exploit has been disclosed to the public\nand may be used. Upgrading to version 0.2.44 is able to address this\nissue (CVE-2025-2173).\nA vulnerability classified as critical has been found in libzvbi up to\n0.2.43. This affects the function vbi_capture_sim_load_caption of the\nfile src/io-sim.c. The manipulation leads to integer overflow. It is\npossible to initiate the attack remotely. The exploit has been disclosed\nto the public and may be used. Upgrading to version 0.2.44 is able to\naddress this issue(A vulnerability classified as critical has been found\nin libzvbi up to 0.2.43. This affects the function\nvbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation\nleads to integer overflow. It is possible to initiate the attack\nremotely. The exploit has been disclosed to the public and may be used.\nUpgrading to version 0.2.44 is able to address this\nissue (CVE-2025-2176).\nA vulnerability was found in libzvbi up to 0.2.43. It has been rated as\nproblematic. Affected by this issue is the function _vbi_strndup_iconv.\nThe manipulation leads to integer overflow. The attack may be launched\nremotely. The exploit has been disclosed to the public and may be used.\nUpgrading to version 0.2.44 is able to address this\nissue (CVE-2025-2175).\nA vulnerability classified as critical was found in libzvbi up to\n0.2.43. This vulnerability affects the function vbi_search_new of the\nfile src/search.c. The manipulation of the argument pat_len leads to\ninteger overflow. The attack can be initiated remotely. The exploit has\nbeen disclosed to the public and may be used. Upgrading to version\n0.2.44 is able to address this issue (CVE-2025-2177)\nA vulnerability was found in libzvbi up to 0.2.43. It has been declared\nas problematic. Affected by this vulnerability is the function\nvbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the\nargument src_length leads to integer overflow. The attack can be\nlaunched remotely. The exploit has been disclosed to the public and may\nbe used. Upgrading to version 0.2.44 is able to address this\nissue (CVE-2025-2174).\n","modified":"2026-04-16T00:10:00.488588411Z","published":"2025-03-31T15:54:01Z","upstream":["CVE-2025-2173","CVE-2025-2174","CVE-2025-2175","CVE-2025-2176","CVE-2025-2177"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0121.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34136"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7367-1"}],"affected":[{"package":{"name":"zvbi","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/zvbi?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.2.44-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0121.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}