CVE-2025-2174: 
Linux Debian vulnerability analysis and mitigation

A vulnerability was discovered in libzvbi up to version 0.2.43, identified as CVE-2025-2174. The vulnerability affects the function vbistrndupiconvucs2 in src/conv.c, where manipulation of the srclength parameter can lead to an integer overflow. The issue was disclosed on March 11, 2025, and can be exploited remotely (NVD, GitHub Advisory).

The vulnerability is classified as an integer overflow vulnerability (CWE-190) that can lead to a heap buffer overflow. The issue occurs in the vbistrndupiconvucs2 function within src/conv.c when handling the srclength parameter. The vulnerability has received a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L (NVD).

If exploited, this vulnerability could lead to a denial of service condition through application crashes. The integer overflow could potentially result in memory corruption, which might affect the availability of the system (NVD).

The vulnerability has been patched in libzvbi version 0.2.44. Users are advised to upgrade to this version. The fix is implemented in commit ca1672134b3e2962cd392212c73f44f8f4cb489f, which adds proper checks to prevent integer overflow conditions (GitHub Commit, GitHub Release).