libzvbi Uninitialized Pointer Vulnerability in vbi_strndup_iconv_ucs2 Function
Vulnerability
A vulnerability exists in libzvbi versions prior to 0.2.44, specifically in the vbi_strndup_iconv_ucs2 function within src/conv.c. The issue arises from the handling of the src_length argument: a manipulated value can lead to an uninitialized pointer read. This flaw can be exploited remotely, allowing attackers to read uninitialized data from the heap, potentially leading to memory corruption or other harmful outcomes.
Impact
Exploitation of this vulnerability causes an uninitialized pointer read, which can lead to reading sensitive information from memory or causing a crash.
Reproduction
To reproduce this vulnerability, send a user-controlled length of zero for the src_length argument in the vbi_strndup_iconv_ucs2 function. This will trigger the function to read uninitialized data from a minimum-sized chunk on the heap.
Remediation
Users are advised to upgrade to libzvbi version 0.2.44, which addresses this vulnerability. The updated version is available on the project's GitHub repository.
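The pattern described under Reproduction and the defensive handling it calls for, as a constructed C model added here. This is not libzvbi's own vbi_strndup_iconv_ucs2 code: the function names, the little-endian UCS-2 to ASCII conversion and the caller-side length check are all assumptions standing in for the bug class, not the library's implementation.

```c
/* Constructed model of the bug class in this advisory (not libzvbi code):
 * a converter whose output chunk is only written while input is consumed. */
#include <stdlib.h>
#include <string.h>

/* Vulnerable shape: with src_length == 0 the loop never runs, so the caller
 * receives a minimum-sized heap chunk whose bytes were never initialized. */
static char *ucs2_to_ascii_vuln(const unsigned char *src, size_t src_length)
{
    char *dst = malloc(src_length / 2 + 1);   /* 1 byte when src_length == 0 */
    size_t i, n = 0;
    if (dst == NULL)
        return NULL;
    for (i = 0; i + 1 < src_length; i += 2) { /* little-endian UCS-2 units (assumed) */
        unsigned code = src[i] | ((unsigned)src[i + 1] << 8);
        dst[n++] = (code < 0x80) ? (char)code : '?';
        dst[n] = '\0';                        /* terminated only after a write */
    }
    return dst;                               /* n == 0: dst[0] is uninitialized */
}

/* Hardened shape: handle the empty case up front and terminate
 * unconditionally, so every byte the caller can read is initialized. */
static char *ucs2_to_ascii_fixed(const unsigned char *src, size_t src_length)
{
    char *dst = malloc(src_length / 2 + 1);
    size_t i, n = 0;
    if (dst == NULL)
        return NULL;
    dst[0] = '\0';                            /* valid even if the loop does not run */
    if (src == NULL || src_length == 0)
        return dst;
    for (i = 0; i + 1 < src_length; i += 2) {
        unsigned code = src[i] | ((unsigned)src[i + 1] << 8);
        dst[n++] = (code < 0x80) ? (char)code : '?';
    }
    dst[n] = '\0';
    return dst;
}

/* Caller-side mitigation while an upgrade to 0.2.44 is pending (assumed
 * wrapper, not part of libzvbi): reject zero or odd lengths before calling
 * into the converter, since UCS-2 input is always a whole number of 2-byte units. */
static int ucs2_length_is_sane(size_t src_length)
{
    return src_length != 0 && (src_length % 2) == 0;
}
```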