Main Vulnerability Database SB2025082619

SB2025082619 - Fedora 43 update for Macaulay2, ags, bullet, cppcheck, docparser, dvblinkremote, fuse-encfs, gazebo, lgogdownloader, libmediainfo, linbox, linux-sgx, musescore, openmw, rarian, tinyxml2, urdfdom, vdr-epg2vdr, vdr-osd2web, xrootd-s3-http

Published: August 26, 2025

Security Bulletin ID SB2025082619

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Reachable assertion (CVE-ID: CVE-2024-50614)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion within the XMLUtil::GetCharacterRef() function in tinyxml2.cpp. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://bodhi.fedoraproject.org/updates/FEDORA-2025-9b8c8ca077

Vulnerable Software

Fedora: 43
xrootd-s3-http: before 0.4.1-4.fc43
vdr-osd2web: before 0.3.2-19.fc43
vdr-epg2vdr: before 1.2.17-8.fc43
urdfdom: before 4.0.2-2.fc43
tinyxml2: before 11.0.0-1.fc43
rarian: before 0.8.6-4.fc43
openmw: before 0.49.0-6.fc43
musescore: before 4.3.2-21.fc43
linux-sgx: before 2.26-4.fc43
linbox: before 1.7.1-2.fc43
libmediainfo: before 25.04-3.fc43
lgogdownloader: before 3.16-5.fc43
gazebo: before 10.2.0-15.fc43
fuse-encfs: before 1.9.5-26.fc43
dvblinkremote: before 0.2.0-0.37.beta.fc43
docparser: before 1.0.16-3.fc43
cppcheck: before 2.18.1-2.fc43
bullet: before 3.08-15.fc43
ags: before 3.6.2.12-4.fc43
Macaulay2: before 1.25.06-3.fc43