CVE-2025-2175

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-2175
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-2175.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-2175
Aliases
Downstream
Related
Published
2025-03-11T07:15:37Z
Modified
2025-10-17T20:42:00.119870Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function vbistrndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

References

Affected packages

Git / github.com/zapping-vbi/zvbi

Affected ranges

Type
GIT
Repo
https://github.com/zapping-vbi/zvbi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
5169a428d51c3ae8ff7b0897e8a687d8e05e37b5

Affected versions

v0.*

v0.2.36
v0.2.37
v0.2.38
v0.2.39
v0.2.40
v0.2.41
v0.2.42
v0.2.43