Userninpwn

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A problem has been found in the function `vbi strndup iconv ucs2` of the file src/conv.c. The manipulation of the argument `src length` leads to an uninitialized pointer. It is possible to launch the attack remotely. The issue has been disclosed to the public. The code maintainer was informed beforehand about the issues and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi strndup iconv ucs2` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A critical issue has been found that affects the `vbi search new` function in the src/search.c file. The manipulation of the `pat len` argument leads to an integer overflow. This issue can be exploited remotely. The code maintainer was informed about the issues beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi search new` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A problem has been found in the function `vbi strndup iconv ucs2` of the file src/conv.c. The manipulation of the argument `src length` leads to an integer overflow. This issue can be exploited remotely. The code maintainer was informed about the issues beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the `vbi strndup iconv ucs2` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A vulnerability was found in the function ` vbi strndup iconv`. The manipulation leads to integer overflow. The attack may be launched remotely. **Recommendations** For libzvbi versions 0.2.43 and earlier, upgrade to version 0.2.44 to address this issue. As a temporary workaround, consider restricting the use of the ` vbi strndup iconv` function until the update is applied.

**Name of the Vulnerable Software and Affected Versions** libzvbi versions 0.2.43 and earlier **Description** A critical issue has been found in libzvbi, affecting the `vbi capture sim load caption` function in the src/io-sim.c file. This issue leads to an integer overflow and can be initiated remotely. The code maintainer was informed beforehand and reacted quickly and professionally. **Recommendations** For libzvbi versions 0.2.43 and earlier, update to version 0.2.44 to address this issue. As a temporary workaround, consider disabling the `vbi capture sim load caption` function until the update is applied.