{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Medium" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"zvbi security update", "category":"general", "title":"Synopsis" }, { "text":"An update for zvbi is now available for openEuler-24.03-LTS", "category":"general", "title":"Summary" }, { "text":"The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide range of formats, has functions to decode several popular services including Teletext and Closed Caption, a Teletext cache with search function, various text export and rendering functions.\n\nSecurity Fix(es):\n\nA vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2173)", "category":"general", "title":"Description" }, { "text":"An update for zvbi is now available for openEuler-24.03-LTS.\n\nopenEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Medium", "category":"general", "title":"Severity" }, { "text":"zvbi", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2025-1331", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1331" }, { "summary":"CVE-2025-2173", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2173&packageName=zvbi" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2025-2173" }, { "summary":"openEuler-SA-2025-1331 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1331.json" } ], "title":"An update for zvbi is now available for openEuler-24.03-LTS", "tracking":{ "initial_release_date":"2025-03-29T14:31:48+08:00", "revision_history":[ { "date":"2025-03-29T14:31:48+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2025-03-29T14:31:48+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2025-03-29T14:31:48+08:00", "id":"openEuler-SA-2025-1331", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"openEuler-24.03-LTS", "name":"openEuler-24.03-LTS" }, "name":"openEuler-24.03-LTS", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-0.2.42-4.oe2403.aarch64.rpm", "name":"zvbi-0.2.42-4.oe2403.aarch64.rpm" }, "name":"zvbi-0.2.42-4.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm", "name":"zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm" }, "name":"zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm", "name":"zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm" }, "name":"zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-devel-0.2.42-4.oe2403.aarch64.rpm", "name":"zvbi-devel-0.2.42-4.oe2403.aarch64.rpm" }, "name":"zvbi-devel-0.2.42-4.oe2403.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-help-0.2.42-4.oe2403.aarch64.rpm", "name":"zvbi-help-0.2.42-4.oe2403.aarch64.rpm" }, "name":"zvbi-help-0.2.42-4.oe2403.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-0.2.42-4.oe2403.src.rpm", "name":"zvbi-0.2.42-4.oe2403.src.rpm" }, "name":"zvbi-0.2.42-4.oe2403.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-0.2.42-4.oe2403.x86_64.rpm", "name":"zvbi-0.2.42-4.oe2403.x86_64.rpm" }, "name":"zvbi-0.2.42-4.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm", "name":"zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm" }, "name":"zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm", "name":"zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm" }, "name":"zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-devel-0.2.42-4.oe2403.x86_64.rpm", "name":"zvbi-devel-0.2.42-4.oe2403.x86_64.rpm" }, "name":"zvbi-devel-0.2.42-4.oe2403.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:24.03-LTS" }, "product_id":"zvbi-help-0.2.42-4.oe2403.x86_64.rpm", "name":"zvbi-help-0.2.42-4.oe2403.x86_64.rpm" }, "name":"zvbi-help-0.2.42-4.oe2403.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-0.2.42-4.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.aarch64", "name":"zvbi-0.2.42-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-debuginfo-0.2.42-4.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.aarch64", "name":"zvbi-debuginfo-0.2.42-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-debugsource-0.2.42-4.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.aarch64", "name":"zvbi-debugsource-0.2.42-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-devel-0.2.42-4.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.aarch64", "name":"zvbi-devel-0.2.42-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-help-0.2.42-4.oe2403.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.aarch64", "name":"zvbi-help-0.2.42-4.oe2403.aarch64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-0.2.42-4.oe2403.src.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.src", "name":"zvbi-0.2.42-4.oe2403.src as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-0.2.42-4.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.x86_64", "name":"zvbi-0.2.42-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-debuginfo-0.2.42-4.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.x86_64", "name":"zvbi-debuginfo-0.2.42-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-debugsource-0.2.42-4.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.x86_64", "name":"zvbi-debugsource-0.2.42-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-devel-0.2.42-4.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.x86_64", "name":"zvbi-devel-0.2.42-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-24.03-LTS", "product_reference":"zvbi-help-0.2.42-4.oe2403.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.x86_64", "name":"zvbi-help-0.2.42-4.oe2403.x86_64 as a component of openEuler-24.03-LTS" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2025-2173", "notes":[ { "text":"A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.src", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.src", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.x86_64" ], "details":"zvbi security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1331" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.aarch64", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.src", "openEuler-24.03-LTS:zvbi-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debuginfo-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-debugsource-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-devel-0.2.42-4.oe2403.x86_64", "openEuler-24.03-LTS:zvbi-help-0.2.42-4.oe2403.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2025-2173" } ] }