Kodi, a media player and entertainment hub, has been updated to fix multiple security vulnerabilities. The issues include a heap buffer overflow vulnerability (CVE-2023-23082) that allows attackers to cause a denial of service, as well as a divide-by-zero issue (CVE-2023-30207) discovered in crafted MP3 files. For Debian GNU/Linux 11 (Bullseye) LTS users, the problems have been fixed in version 2:19.1+dfsg2-2+deb11u2.

[DLA 4423-1] kodi security update

[SECURITY] [DLA 4423-1] kodi security update

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4423-1 debian-lts@lists.debian.org
https://www.debian.org/lts/security/ Abhijith PA
December 28, 2025 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package : kodi
Version : 2:19.1+dfsg2-2+deb11u2
CVE ID : CVE-2023-23082 CVE-2023-30207

Multiple vulnerabilities have been discovered in Kodi, a media-player
and entertainment hub.

CVE-2023-23082

A heap buffer overflow vulnerability in Kodi allows attackers to
cause a denial of service due to an improper length of the value
passed to the offset argument.

CVE-2023-30207

A divide by zero issue discovered in Kodi allows attackers to
cause a denial of service via use of crafted mp3 file

For Debian 11 bullseye, these problems have been fixed in version
2:19.1+dfsg2-2+deb11u2.

We recommend that you upgrade your kodi packages.

For the detailed security status of kodi please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/kodi

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS