SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-979

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-979

Security update for zvbi

Type: security

Severity: important

Issued: 2025-03-21

Description:

This update for zvbi fixes the following issues:
  
  - CVE-2025-2173: Fixed check on src_length to avoid an unitinialized heap read (bsc#1239222).
  - CVE-2025-2174: Fixed integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c (bsc#1239299).
  - CVE-2025-2175: Fixed integer overflow in _vbi_strndup_iconv (bsc#1239312).
  - CVE-2025-2176: Fixed integer overflow in function vbi_capture_sim_load_caption in src/io-sim.c (bsc#1239319).
  - CVE-2025-2177: Fixed integer overflow in function vbi_search_new in src/search.c (bsc#1239320).

References

CVE: CVE-2025-2177
CVE: CVE-2025-2176
CVE: CVE-2025-2175
CVE: CVE-2025-2174
CVE: CVE-2025-2173
Bugzilla: 1239320 VUL-0: CVE-2025-2177: zvbi: vulnerability affects the function vbi_search_new of the file src/search.c
Bugzilla: 1239319 VUL-0: CVE-2025-2176: zvbi: Avoid integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c
Bugzilla: 1239312 VUL-0: CVE-2025-2175: zvbi: integer overflow in _vbi_strndup_iconv
Bugzilla: 1239299 VUL-0: CVE-2025-2174: zvbi: Avoid integer overflow leading to heap overflow in src/conv.c, src/io-sim.c, src/search.c
Bugzilla: 1239222 VUL-0: CVE-2025-2173: zvbi: src/conv.c: Check src_length to avoid an unitinialized heap read

Packages

zvbi-0.2.35-150000.4.3.1