CVE-2024-57823

CRITICAL

Librdf Raptor Rdf Syntax Library < 2.0.16 - Integer Underflow

Title source: rule

Description

In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path().

References (4)

[Mailing List] https://lists.debian.org/debian-lts-announce/2025/10/msg00023.html

[Exploit, Mailing List, Third Party Advisory] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067896

[Exploit, Issue Tracking] https://github.com/dajobe/raptor/issues/70

[Exploit, Third Party Advisory] https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md

View Exploit ZIP pw:eip

Scores

CVSS v3 9.3

EPSS 0.0004

EPSS Percentile 11.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-191

Status published

Products (1)

librdf/raptor_rdf_syntax_library < 2.0.16

Published Jan 10, 2025

Tracked Since Feb 18, 2026