OESA-2025-1308

See a problem?
Please try reporting it to the source first.

Source

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1308

Import Source

https://repo.openeuler.org/security/data/osv/OESA-2025-1308.json

JSON Data

https://api.test.osv.dev/v1/vulns/OESA-2025-1308

Upstream

CVE-2025-2174

CVE-2025-2176

CVE-2025-2177

Published

2025-03-21T13:18:05Z

Modified

2025-08-12T05:49:08.835721Z

Summary

zvbi security update

Details

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide range of formats, has functions to decode several popular services including Teletext and Closed Caption, a Teletext cache with search function, various text export and rendering functions.

Security Fix(es):

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2174)

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbicapturesimloadcaption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2176)

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbisearchnew of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2177)

Database specific

{
    "severity": "High"
}

References

Affected packages

openEuler:20.03-LTS-SP4 / zvbi

Package

Name: zvbi
Purl: pkg:rpm/openEuler/zvbi&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.35-9.oe2003sp4

Ecosystem specific

{
    "src": [
        "zvbi-0.2.35-9.oe2003sp4.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.35-9.oe2003sp4.aarch64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2003sp4.aarch64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2003sp4.aarch64.rpm",
        "zvbi-devel-0.2.35-9.oe2003sp4.aarch64.rpm",
        "zvbi-help-0.2.35-9.oe2003sp4.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.35-9.oe2003sp4.x86_64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2003sp4.x86_64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2003sp4.x86_64.rpm",
        "zvbi-devel-0.2.35-9.oe2003sp4.x86_64.rpm",
        "zvbi-help-0.2.35-9.oe2003sp4.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP3 / zvbi

Package

Name: zvbi
Purl: pkg:rpm/openEuler/zvbi&distro=openEuler-22.03-LTS-SP3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.35-9.oe2203sp3

Ecosystem specific

{
    "src": [
        "zvbi-0.2.35-9.oe2203sp3.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.35-9.oe2203sp3.aarch64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2203sp3.aarch64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2203sp3.aarch64.rpm",
        "zvbi-devel-0.2.35-9.oe2203sp3.aarch64.rpm",
        "zvbi-help-0.2.35-9.oe2203sp3.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.35-9.oe2203sp3.x86_64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2203sp3.x86_64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2203sp3.x86_64.rpm",
        "zvbi-devel-0.2.35-9.oe2203sp3.x86_64.rpm",
        "zvbi-help-0.2.35-9.oe2203sp3.x86_64.rpm"
    ]
}

openEuler:22.03-LTS-SP4 / zvbi

Package

Name: zvbi
Purl: pkg:rpm/openEuler/zvbi&distro=openEuler-22.03-LTS-SP4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.35-9.oe2203sp4

Ecosystem specific

{
    "src": [
        "zvbi-0.2.35-9.oe2203sp4.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.35-9.oe2203sp4.aarch64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2203sp4.aarch64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2203sp4.aarch64.rpm",
        "zvbi-devel-0.2.35-9.oe2203sp4.aarch64.rpm",
        "zvbi-help-0.2.35-9.oe2203sp4.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.35-9.oe2203sp4.x86_64.rpm",
        "zvbi-debuginfo-0.2.35-9.oe2203sp4.x86_64.rpm",
        "zvbi-debugsource-0.2.35-9.oe2203sp4.x86_64.rpm",
        "zvbi-devel-0.2.35-9.oe2203sp4.x86_64.rpm",
        "zvbi-help-0.2.35-9.oe2203sp4.x86_64.rpm"
    ]
}

openEuler:24.03-LTS / zvbi

Package

Name: zvbi
Purl: pkg:rpm/openEuler/zvbi&distro=openEuler-24.03-LTS

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.42-4.oe2403sp1

Ecosystem specific

{
    "src": [
        "zvbi-0.2.42-4.oe2403.src.rpm",
        "zvbi-0.2.42-4.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-devel-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-help-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-devel-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-help-0.2.42-4.oe2403sp1.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-devel-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-help-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-devel-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-help-0.2.42-4.oe2403sp1.x86_64.rpm"
    ]
}

openEuler:24.03-LTS-SP1 / zvbi

Package

Name: zvbi
Purl: pkg:rpm/openEuler/zvbi&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.2.42-4.oe2403sp1

Ecosystem specific

{
    "src": [
        "zvbi-0.2.42-4.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-devel-0.2.42-4.oe2403sp1.aarch64.rpm",
        "zvbi-help-0.2.42-4.oe2403sp1.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-devel-0.2.42-4.oe2403sp1.x86_64.rpm",
        "zvbi-help-0.2.42-4.oe2403sp1.x86_64.rpm"
    ]
}