CVE-2025-2176 — Vulnetix

CVE-2025-2176 PUBLISHED CVSS 6.900000095367432 MEDIUM

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

EPSS 0.08% · 22.7th percentile

Risk Scores

CVSS 4.0

6.900000095367432

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS Score

0.08%

22.7th percentile

Affected Products

Vendor	Product	Versions
n/a	libzvbi	0.2.9, 0.2.0, 0.2.1
zapping-vbi	zvbi	0

Exploit Intelligence

CIRCL seen: CVE-2025-2176 (circl-sighting)
CIRCL seen: CVE-2025-2176 (circl-sighting)
VDB-299205 | libzvbi io-sim.c vbi_capture_sim_load_caption integer overflow (circl)
VDB-299205 | CTI Indicators (IOB, IOC, IOA) (circl)
Submit #512802 | Open Source libzvbi 0.2.43 Integer Overflow -> Heap Overflow (vbi_capture_sim_load_caption) (circl)
https://github.com/zapping-vbi/zvbi/security/advisories/GHSA-g7cg-7gw9-v8cf (circl)
https://github.com/zapping-vbi/zvbi/commit/ca1672134b3e2962cd392212c73f44f8f4cb489f (circl)
https://github.com/zapping-vbi/zvbi/releases/tag/v0.2.44 (circl)

Timeline

Mar 11, 2025 CVE Published
Mar 11, 2025 CVE Updated
Mar 12, 2025 EPSS Score
Mar 25, 2025 Coalition ESS Score
Mar 26, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 22, 2025 EPSS Score
May 5, 2025 EPSS Score
May 19, 2025 EPSS Score
Jun 2, 2025 EPSS Score
Jun 15, 2025 EPSS Score
Jun 29, 2025 EPSS Score

References

Open in Interactive Console →