Astra Linux – Vulnerability in WebKit2GTK

The issue was resolved through improved memory handling. This issue is fixed in Safari 17.3, iOS 16.7.5, and iPadOS 16.7.5; iOS 17.3, and iPadOS 17.3; macOS Sonoma 14.3; tvOS 17.3; and watchOS 10.3. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

A type confusion issue was addressed through improved checks. This issue has been fixed in Safari 17.3, iOS 15.8.7 and iPadOS 15.8.7, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3, macOS Monterey 12.7.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, tvOS 17.3, and visionOS 1.0.2. Processing...

Astra Linux – Vulnerability in WebKit2GTK

Integer overflow has been addressed through improved input validation. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, tvOS 17.5, and visionOS 1.2. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 16.6, iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, and watchOS 9.6. Processing web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in libgit2

libgit2 is a portable C implementation of the Git core methods, provided as a linkable library with a robust API. It allows for integrating Git functionality into your application. However, using properly crafted inputs to gitindexadd can lead to heap corruption, which may be exploited for...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2, iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, and iTunes 12.11 for Windows...

Astra Linux – Vulnerability in libtommath

An integer overflow vulnerability exists in the mpgrow function within the libtom library, as reported in commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9. This vulnerability allows attackers to execute arbitrary code and cause a denial of service DoS attack...

Astra Linux – Vulnerability in libnbd

A flaw was discovered in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier URI. This vulnerability arises because non-standard hostnames starting with ‘-o’ are incorrectly interpreted as arguments for the Secure Shell SSH...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4, and iPadOS 15.4, as well as tvOS 15.4. Processing maliciously crafted web content may...

Astra Linux – Vulnerability in openimageio

There are multiple memory corruption vulnerabilities in the IFFOutput alignment padding functionality of the OpenImageIO Project, specifically in OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger...

Astra Linux – Vulnerability in libfile-find-rule-perl

File::Find::Rule in Perl version 0.34 is vulnerable to arbitrary code execution when grep encounters a crafted filename. A file handle is opened using the 2-argument form of open, allowing an attacker-controlled filename to specify the MODE parameter, thereby turning the filename into an executab...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in tvOS 15.5, iOS 15.5, iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4, and Safari 15.5. Processing maliciously crafted web content may lead to...

Astra Linux – Vulnerability in WebKit2GTK

A memory management issue related to “use after free” operations has been addressed through improved memory management practices. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15, and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux – Vulnerability in exempi

The XMP Toolkit SDK version 2020.1 and earlier is affected by a buffer overflow vulnerability that may lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction, as the victim must open a specially crafted file...

Astra Linux – Vulnerability in Firefox, Thunderbird

Memory safety bugs exist in Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142, and Thunderbird 142. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability ha...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in psi/zfile.c in Artifex Ghostscript prior to version 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution...

Astra Linux – Vulnerability in Firefox

Memory safety bugs exist in Firefox 144 and Thunderbird 144. Some of these bugs exhibited signs of memory corruption, and we assume that with sufficient effort, some of these bugs could have been exploited to execute arbitrary code. This vulnerability has been fixed in Firefox 145 and Thunderbird...

Astra Linux – Vulnerability in WebKit2GTK

The issue was addressed through improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2, and iPadOS 17.7.2; iOS 18.1.1 and iPadOS 18.1.1; macOS Sequoia 15.1.1; and visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report...