CVE-2024-57822: 
Linux Debian vulnerability analysis and mitigation

In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read vulnerability when parsing triples with the nquads parser in raptorntriplesparseterminternal() function. The vulnerability was discovered in January 2025 and affects the library's parsing functionality (NVD, Debian Bug).

The vulnerability manifests as a heap-based buffer over-read in the raptorntriplesparseterminternal() function when processing certain input files. The issue occurs specifically when parsing triples with the nquads parser. The vulnerability has been assigned a CVSS v3.1 Base Score of 4.0 (MEDIUM) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

When exploited, this vulnerability could allow an attacker to cause the Raptor library to crash, resulting in a denial of service condition. The impact is primarily limited to availability, with no direct impact on confidentiality or integrity (Ubuntu Notice).

The issue affects multiple versions of Ubuntu (20.04 LTS, 22.04 LTS, 24.04 LTS, and 24.10) and can be corrected by updating to the following package versions: Ubuntu 24.10: libraptor2-0 - 2.0.16-4ubuntu0.1, Ubuntu 24.04: libraptor2-0 - 2.0.16-3ubuntu0.1, Ubuntu 22.04: libraptor2-0 - 2.0.15-0ubuntu4.1, Ubuntu 20.04: libraptor2-0 - 2.0.15-0ubuntu1.20.04.2. A standard system update will make all the necessary changes (Ubuntu Notice).