VDB

CVE-2025-2174

CVE-2025-2174 PUBLISHED CVSS 6.900000095367432 MEDIUM

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

EPSS 0.18% · 39.2th percentile

Risk Scores

CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.18%
39.2th percentile

Affected Products

VendorProductVersions
zapping-vbizvbi0
n/alibzvbi0.2.0, 0.2.1, 0.2.2

Exploit Intelligence

Timeline

  • Mar 11, 2025 Coalition ESS Score
  • Mar 11, 2025 CVE Published
  • Mar 11, 2025 CVE Updated
  • Mar 12, 2025 EPSS Score
  • Mar 15, 2025 Coalition ESS Score
  • Mar 18, 2025 Coalition ESS Score
  • Mar 22, 2025 Coalition ESS Score
  • Mar 26, 2025 EPSS Score
  • Mar 29, 2025 Coalition ESS Score
  • Apr 8, 2025 EPSS Score
  • Apr 22, 2025 EPSS Score
  • May 5, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›