How severe is CVE-2025-2174?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-2174?

This is classified as CWE-189, which is a common weakness in software security.

CVE-2025-2174 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability was found in libzvbi up to 0.2.43. It has been declared as problematic. Affected by this vulnerability is the function vbi_strndup_iconv_ucs2 of the file src/conv.c. The manipulation of the argument src_length leads to integer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is named ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Related Vulnerabilities

CVE-2015-3223

MEDIUM

CVSS:5.3(Medium)

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero val...

CWE-1892015

CVE-2014-9915

MEDIUM

CVSS:5.5(Medium)

Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers to cause a denial of service (application crash) via a crafted 8BIM profile.

CWE-1892014

CVE-2016-5241

MEDIUM

CVSS:5.5(Medium)

magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service (arithmetic exception and application crash) via a crafted svg file.

CWE-1892016

CVE-2016-6242

MEDIUM

CVSS:5.5(Medium)

OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.

CWE-1892016

CVE-2016-9819

MEDIUM

CVSS:5.5(Medium)

libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CWE-1892016

CVE-2016-9820

MEDIUM

CVSS:5.5(Medium)

libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

CWE-1892016