OESA-2025-1331

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2025-1331
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2025-1331.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2025-1331
Upstream
Published
2025-03-29T01:50:04Z
Modified
2025-08-13T09:18:44.332849Z
Summary
zvbi security update
Details

The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide range of formats, has functions to decode several popular services including Teletext and Closed Caption, a Teletext cache with search function, various text export and rendering functions.

Security Fix(es):

A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbistrndupiconvucs2 of the file src/conv.c. The manipulation of the argument srclength leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2173)

Database specific 
{
    "severity": "Medium"
}
References

Affected packages

openEuler:24.03-LTS / zvbi

Package

Name
zvbi
Purl
pkg:rpm/openEuler/zvbi&distro=openEuler-24.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.42-4.oe2403

Ecosystem specific 

{
    "src": [
        "zvbi-0.2.42-4.oe2403.src.rpm"
    ],
    "aarch64": [
        "zvbi-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-devel-0.2.42-4.oe2403.aarch64.rpm",
        "zvbi-help-0.2.42-4.oe2403.aarch64.rpm"
    ],
    "x86_64": [
        "zvbi-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-devel-0.2.42-4.oe2403.x86_64.rpm",
        "zvbi-help-0.2.42-4.oe2403.x86_64.rpm"
    ]
}