| Package | zvbi |
|---|---|
| Version | 0.2.35-13+deb9u1 (stretch), 0.2.35-16+deb10u1 (buster) |
| Related CVEs | CVE-2025-2173 CVE-2025-2174 CVE-2025-2175 CVE-2025-2176 CVE-2025-2177 |
Several issues have been found in zvbi, a Vertical Blanking Interval decoder. CVE-2025-2173 is related to an uninitialized pointer in src/conv.c:: vbi_strndup_iconv_ucs2() The other issues are related to integer overflows in several functions distributed all over the code.
For Debian 10 buster, these problems have been fixed in version 0.2.35-16+deb10u1.
For Debian 9 stretch, these problems have been fixed in version 0.2.35-13+deb9u1.
We recommend that you upgrade your zvbi packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.