The vulnerability description explicitly names vbi_search_new in src/search.c as the affected function and pat_len as the manipulated argument leading to an integer overflow. The provided commit ca1672134b3e2962cd392212c73f44f8f4cb489f shows a clear modification in vbi_search_new to add a size check for pat_len before memory allocation. Specifically, the code esc_pat = malloc(sizeof(ucs2_t) * pat_len * 2) was vulnerable to pat_len being large enough to cause an integer overflow during the multiplication, resulting in a small allocation. The patch introduces check_size = (sizeof(ucs2_t) * pat_len * 2); if (pat_len > check_size) which, while a bit unusual as a direct overflow check for the multiplication itself (it tests the already-computed product rather than the operands, rejecting the case where the product has wrapped to a value smaller than pat_len), effectively caps pat_len to prevent the multiplication from overflowing in a way that results in a small allocation. The core issue is the uncontrolled multiplication involving pat_len used for memory allocation. Other functions (strndup_identity and strndup_utf8_ucs2 in src/conv.c, and vbi_capture_sim_load_caption in src/io-sim.c) were also patched with similar integer overflow checks, suggesting a broader effort to harden the codebase, but the primary reported vulnerability is tied to vbi_search_new.
The other functions modified in the commit also show similar integer overflow mitigations:
- strndup_identity in src/conv.c:
  - Patch: unsigned long check_buffer_size = (src_size + 4); if (src_size > check_buffer_size) return NULL; buffer = vbi_malloc (check_buffer_size);
  - Reasoning: Similar to vbi_search_new, this function was vulnerable to an integer overflow if src_size was close to ULONG_MAX, causing src_size + 4 to wrap around, leading to a small allocation and potential heap overflow.
- strndup_utf8_ucs2 in src/conv.c:
  - Patch: unsigned long check_buffer_size = (src_length * 3 + 1); if (src_length > check_buffer_size) return NULL; buffer = vbi_malloc (check_buffer_size);
  - Reasoning: Vulnerable to an integer overflow if src_length was large enough to cause src_length * 3 + 1 to wrap around, leading to a small allocation and potential heap overflow.
- vbi_capture_sim_load_caption in src/io-sim.c:
  - Patch: unsigned int check_buffer_size = (b->capacity + 256); if (b->capacity > check_buffer_size) return FALSE; if (!extend_buffer (b, check_buffer_size))
  - Reasoning: Vulnerable to an integer overflow if b->capacity was close to UINT_MAX, causing b->capacity + 256 to wrap around, leading extend_buffer to potentially operate on an incorrectly sized buffer.
While the advisory specifically calls out vbi_search_new, the commit addresses the same class of vulnerability (integer overflow leading to heap overflow via allocation size calculation) in multiple functions. For the purpose of this analysis, focusing on the explicitly named function is primary, but the others are relevant as they were fixed in the same patch for the same type of underlying issue. The confidence for vbi_search_new is high due to the direct mention in the vulnerability description and the clear patch logic addressing the integer overflow for pat_len during memory allocation for esc_pat.
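As an added illustration of the two shapes of check discussed above (this is example code written for this analysis, not libzvbi's code and not part of the commit), the helpers below contrast the patch's compare-after-multiply form with a divide-before-multiply guard, plus the additive guard that corresponds to the src_size + 4 and b->capacity + 256 fixes. The function names, the uint64_t operands and the factors (2, 2) standing in for sizeof(ucs2_t) * pat_len * 2 are assumptions chosen for the example. The two large sample counts are constructed: one whose product wraps to a value below the count, and one whose product wraps to a value that is still above the count.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Example helpers written for this analysis; they are not libzvbi code and
 * the names, the uint64_t operands and the (elem_size, mult) factors are
 * assumptions chosen to mirror sizeof(ucs2_t) * pat_len * 2. */

/* Compare-after-multiply, the shape used by the patch: compute the byte
 * count with wrapping arithmetic, then reject if it fell below the input. */
bool size_by_compare_after(uint64_t count, uint64_t elem_size, uint64_t mult,
                           uint64_t *bytes_out)
{
    uint64_t bytes = elem_size * count * mult; /* wraps silently on overflow */
    *bytes_out = bytes;
    return count <= bytes;                     /* patch: if (count > bytes) reject */
}

/* Divide-before-multiply: refuse any operand that would make the product
 * exceed UINT64_MAX, so the multiplication itself never wraps. */
bool size_by_divide_before(uint64_t count, uint64_t elem_size, uint64_t mult,
                           uint64_t *bytes_out)
{
    if (elem_size == 0 || mult == 0) {
        *bytes_out = 0;
        return true;
    }
    if (count > UINT64_MAX / elem_size)
        return false;
    uint64_t partial = count * elem_size;
    if (partial > UINT64_MAX / mult)
        return false;
    *bytes_out = partial * mult;
    return true;
}

/* Additive guard matching the src_size + 4 and b->capacity + 256 fixes.
 * A wrapped sum is always smaller than either operand, so the patch's
 * compare-after-add form is complete; this is the equivalent pre-check. */
bool size_by_checked_add(uint64_t base, uint64_t extra, uint64_t *bytes_out)
{
    if (base > UINT64_MAX - extra)
        return false;
    *bytes_out = base + extra;
    return true;
}

/* Allocate count * elem_size * mult bytes, or return NULL on overflow. */
void *alloc_checked(uint64_t count, size_t elem_size, uint64_t mult)
{
    uint64_t bytes;
    if (!size_by_divide_before(count, elem_size, mult, &bytes))
        return NULL;
    if (bytes > (uint64_t) SIZE_MAX)
        return NULL;
    return malloc((size_t) bytes);
}

int main(void)
{
    /* Constructed sample counts: a normal one, one whose product wraps to a
     * value below the count, and one whose product wraps to a value above it. */
    const uint64_t samples[] = {
        16,
        UINT64_C(0x4000000000000001),
        UINT64_C(0x6000000000000000),
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t bytes = 0;
        bool after = size_by_compare_after(samples[i], 2, 2, &bytes);
        bool before = size_by_divide_before(samples[i], 2, 2, &bytes);
        printf("count=%#llx compare-after=%s divide-before=%s\n",
               (unsigned long long) samples[i],
               after ? "accept" : "reject", before ? "accept" : "reject");
    }
    return 0;
}
```

For 0x4000000000000001 the product 4 * count wraps to 4, which is below the count, so both forms reject it. For 0x6000000000000000 the product wraps to 0x8000000000000000, which is above the count, so compare-after-multiply accepts a byte count that is far smaller than the true product while divide-before-multiply rejects it. The additive case has no such gap: a sum that wraps is always smaller than its operands, so comparing after the addition, as the conv.c and io-sim.c patches do, catches every overflow.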