VDB
CVE-2025-2175
CVE-2025-2175
PUBLISHED
CVSS 5.300000190734863 MEDIUM
A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
EPSS 0.09% · 25.7th percentile
Risk Scores
CVSS 4.0
5.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS Score
0.09%
25.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| zapping-vbi | zvbi | 0 |
| n/a | libzvbi | 0.2.0, 0.2.1, 0.2.3 |
Exploit Intelligence
- CIRCL seen: CVE-2025-2175 (circl-sighting)
- VDB-299204 | libzvbi _vbi_strndup_iconv integer overflow (circl)
- VDB-299204 | CTI Indicators (IOB, IOC, IOA) (circl)
- Submit #512801 | Open Source libzvbi 0.2.43 Integer Overflow -> Heap Overflow (_vbi_strndup_iconv) (circl)
- https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf (circl)
- https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 (circl)
Timeline
- Mar 11, 2025 Coalition ESS Score
- Mar 11, 2025 CVE Published
- Mar 11, 2025 PoC Published
- Mar 11, 2025 CVE Updated
- Mar 12, 2025 EPSS Score
- Mar 26, 2025 EPSS Score
- Apr 8, 2025 EPSS Score
- Apr 22, 2025 EPSS Score
- May 5, 2025 EPSS Score
- May 19, 2025 EPSS Score
- Jun 2, 2025 EPSS Score
- Jun 15, 2025 EPSS Score
References
- https://vuldb.com/?id.299204 url
- https://vuldb.com/?submit.512801 url
- VDB-299204 | CTI Indicators (IOB, IOC, IOA) url
- https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf url
- https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 patch
- https://nvd.nist.gov/vuln/detail/CVE-2025-2175 advisory