Advisories » MGASA-2025-0121

Updated zvbi packages fix security vulnerabilities

Publication date: 31 Mar 2025
Modification date: 31 Mar 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-2173, CVE-2025-2174, CVE-2025-2175, CVE-2025-2176, CVE-2025-2177

Description

A vulnerability was found in libzvbi up to 0.2.43. It has been
classified as problematic. Affected is the function
vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the
argument src_length leads to an uninitialized pointer. It is possible to
launch the attack remotely. The exploit has been disclosed to the public
and may be used. Upgrading to version 0.2.44 addresses this issue
(CVE-2025-2173).

A vulnerability classified as critical has been found in libzvbi up to
0.2.43. This affects the function vbi_capture_sim_load_caption of the
file src/io-sim.c. The manipulation leads to an integer overflow. It is
possible to initiate the attack remotely. The exploit has been disclosed
to the public and may be used. Upgrading to version 0.2.44 addresses
this issue (CVE-2025-2176).

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as
problematic. Affected by this issue is the function _vbi_strndup_iconv.
The manipulation leads to an integer overflow. The attack may be
launched remotely. The exploit has been disclosed to the public and may
be used. Upgrading to version 0.2.44 addresses this issue
(CVE-2025-2175).

A vulnerability classified as critical was found in libzvbi up to
0.2.43. This vulnerability affects the function vbi_search_new of the
file src/search.c. The manipulation of the argument pat_len leads to an
integer overflow. The attack can be initiated remotely. The exploit has
been disclosed to the public and may be used. Upgrading to version
0.2.44 addresses this issue (CVE-2025-2177).

A vulnerability was found in libzvbi up to 0.2.43. It has been declared
as problematic. Affected by this vulnerability is the function
vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the
argument src_length leads to an integer overflow. The attack can be
launched remotely. The exploit has been disclosed to the public and may
be used. Upgrading to version 0.2.44 addresses this issue
(CVE-2025-2174).
                

References

SRPMS

9/core