Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libzvbi conv.c vbi_strndup_iconv_ucs2 integer overflow
Vulnerability Description
A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
整数溢出或超界折返
Vulnerability Title
libzvbi 输入验证错误漏洞
Vulnerability Description
libzvbi是zapping-vbi开源的一个 VBI 实用程序。 libzvbi 0.2.43及之前版本存在输入验证错误漏洞,该漏洞源于整数溢出,可能导致远程攻击。
CVSS Information
N/A
Vulnerability Type
N/A