An update for zvbi is now available for openEuler-20.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-1329 Final 1.0 1.0 2025-03-29 Initial 2025-03-29 2025-03-29 openEuler SA Tool V1.0 2025-03-29 zvbi security update An update for zvbi is now available for openEuler-20.03-LTS-SP4 The ZVBI library provides functions to read from Linux V4L, V4L2 and FreeBSD BKTR raw VBI capture devices, from Linux DVB devices and from a VBI proxy to share V4L and V4L2 VBI devices between multiple applications. It can demodulate raw to sliced VBI data in software, with support for a wide range of formats, has functions to decode several popular services including Teletext and Closed Caption, a Teletext cache with search function, various text export and rendering functions. Security Fix(es): A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.(CVE-2025-2173) An update for zvbi is now available for openEuler-20.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium zvbi https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1329 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-2173 https://nvd.nist.gov/vuln/detail/CVE-2025-2173 openEuler-20.03-LTS-SP4 zvbi-0.2.35-9.oe2003sp4.aarch64.rpm zvbi-debuginfo-0.2.35-9.oe2003sp4.aarch64.rpm zvbi-debugsource-0.2.35-9.oe2003sp4.aarch64.rpm zvbi-devel-0.2.35-9.oe2003sp4.aarch64.rpm zvbi-help-0.2.35-9.oe2003sp4.aarch64.rpm zvbi-0.2.35-9.oe2003sp4.src.rpm zvbi-0.2.35-9.oe2003sp4.x86_64.rpm zvbi-debuginfo-0.2.35-9.oe2003sp4.x86_64.rpm zvbi-debugsource-0.2.35-9.oe2003sp4.x86_64.rpm zvbi-devel-0.2.35-9.oe2003sp4.x86_64.rpm zvbi-help-0.2.35-9.oe2003sp4.x86_64.rpm A vulnerability was found in libzvbi up to 0.2.43. It has been classified as problematic. Affected is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to uninitialized pointer. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as 8def647eea27f7fd7ad33ff79c2d6d3e39948dce. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional. 2025-03-29 CVE-2025-2173 openEuler-20.03-LTS-SP4 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N zvbi security update 2025-03-29 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1329