SB2025122321 - Multiple vulnerabilities in IBM Watson Speech Services Cartridge
Published: December 23, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 13 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2025-4516)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when using the bytes.decode("unicode_escape", error="ignore|replace") function call. A remote attacker can pass a specially crafted input to the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2025-8291)
The vulnerability allows a remote attacker to extract files into arbitrary locations on the system.
The vulnerability exists due to the zipfile module does not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value when extracting files. A remote attacker can use a specially crafted zip file to extract data into arbitrary locations on the system.
3) Resource management error (CVE-ID: CVE-2025-6069)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the html.parser.HTMLParser class. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2025-59375)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger large dynamic memory allocations via a small document and perform a denial of service (DoS) attack.
5) Integer overflow (CVE-ID: CVE-2025-47268)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the ping command when handling ICMP Echo Reply packets. A remote attacker can trick the victim to ping a malicious server, trigger an integer overflow and crash the application.
6) Integer overflow (CVE-ID: CVE-2025-48964)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in ping. A remote attacker can send a specially crafted ICMP Echo Reply packet to trigger an integer overflow and crash the application.
7) Path traversal (CVE-ID: CVE-2025-45582)
The vulnerability allows a local user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A local user can trick the victim into opening a specially crafted HTTP request and read arbitrary files on the system.
8) Cryptographic issues (CVE-ID: CVE-2024-7531)
The vulnerability allows a remote attacker to gain access to sensitive information.
Calling PK11_Encrypt() in NSS using CKM_CHACHA20 and the same buffer for input and output can result in plaintext on an Intel Sandy Bridge processor. In Firefox this only affects the QUIC header protection feature when the connection is using the ChaCha20-Poly1305 cipher suite. The most likely outcome is connection failure, but if the connection persists despite the high packet loss it could be possible for a network observer to identify packets as coming from the same source despite a network path change.
9) Stack-based buffer overflow (CVE-ID: CVE-2023-39804)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xattr_decoder() function in xheader.c. A remote attacker can trick the victim to open a specially crafted tar/pax archive with an overly long xattr key, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
10) Input validation error (CVE-ID: CVE-2022-33070)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the parse_tag_and_wiretype() function in protobuf-c/protobuf-c.c. A remote attacker can trick the victim to open a specially crafted file, cause an invalid arithmetic shift and perform a denial of service (DoS) attack.
11) Heap-based buffer overflow (CVE-ID: CVE-2022-0530)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
12) Out-of-bounds write (CVE-ID: CVE-2022-0529)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing zip archives during the conversion of a UTF-8 string to a local string. A remote attacker can create a specially crafted zip file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
13) NULL pointer dereference (CVE-ID: CVE-2021-4217)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in unzip when handling Unicode strings. A remote attacker can trick the victim to open a specially crafted archive and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.