Main Vulnerability Database SB2025082618

SB2025082618 - Fedora 44 update for Macaulay2, ags, bullet, cppcheck, docparser, dvblinkremote, fuse-encfs, gazebo, lgogdownloader, libmediainfo, linbox, linux-sgx, musescore, openmw, rarian, tinyxml2, urdfdom, vdr-epg2vdr, vdr-osd2web, xrootd-s3-http

Published: August 26, 2025

Security Bulletin ID SB2025082618

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reachable assertion (CVE-ID: CVE-2024-50614)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the XMLUtil::GetCharacterRef() function in tinyxml2.cpp. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-7c42801720

Vulnerable Software

Fedora: 44
xrootd-s3-http: before 0.4.1-4.fc44
vdr-osd2web: before 0.3.2-19.fc44
vdr-epg2vdr: before 1.2.17-8.fc44
urdfdom: before 4.0.2-2.fc44
tinyxml2: before 11.0.0-1.fc44
rarian: before 0.8.6-4.fc44
openmw: before 0.49.0-6.fc44
musescore: before 4.3.2-21.fc44
linux-sgx: before 2.26-4.fc44
linbox: before 1.7.1-2.fc44
libmediainfo: before 25.04-3.fc44
lgogdownloader: before 3.16-5.fc44
gazebo: before 10.2.0-15.fc44
fuse-encfs: before 1.9.5-26.fc44
dvblinkremote: before 0.2.0-0.37.beta.fc44
docparser: before 1.0.16-3.fc44
cppcheck: before 2.18.1-2.fc44
bullet: before 3.08-15.fc44
ags: before 3.6.2.12-4.fc44
Macaulay2: before 1.25.06-3.fc44