CVE-2025-2176

MEDIUM Year: 2025
CVSS v3 Score
7.3
High
CVSS v2 Score
7.5
High
Weakness Type
CWE-189
View all →

Vulnerability Description

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Related Vulnerabilities

CVE-2016-1904

HIGH
CVSS:7.3(High)

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php...

CWE-1892016

CVE-2025-2177

MEDIUM
CVSS:7.3(High)

A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len lead...

CWE-1892025

CVE-2011-5326

HIGH
CVSS:7.5(High)

imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.

CWE-1892011

CVE-2014-10375

HIGH
CVSS:7.5(High)

handle_messages in eXtl_tls.c in eXosip before 5.0.0 mishandles a negative value in a content-length header.

CWE-1892014

CVE-2014-9763

HIGH
CVSS:7.5(High)

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.

CWE-1892014

CVE-2015-4626

HIGH
CVSS:7.5(High)

B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.

CWE-1892015