2480 matches found
CVE-2026-42146
CVE-2026-42146 affects the CImg Library (C++) where the nb_colors field read from BMP headers is used to compute an allocation size without validating against the remaining file size, enabling an out-of-memory condition when loading crafted untrusted BMPs. A patch (commit c3aacf5) fixes the issue...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackh323: Added protection against bmp length being out of range. The UBSAN load reports an exception due to bitwise shifts that are out of bounds for their data type. For example: vmlinux getbitmapb=75 + 712...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: The issue related to GPF in bitmapgetstats has been fixed. The commit message for commit 6ec1f0239485 “md/md-bitmap: fix stats collection for external bitmaps” states: “Remove the external bitmap check, as statistic...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: exfat: Fixed the divide-by-zero issue in exfatallocatebitmap. The variable maxracount can be 0 in exfatallocatebitmap. This can cause a divide-by-zero error in the subsequent modulo operation i % maxracount, resulting in a system...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
A issue was discovered in the drivers/input/input.c file within the Linux kernel before version 5.17.10. An attacker can cause a denial of service panic if inputsetcapability mishandles situations where an event code falls outside of a bitmap...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: Regenerate the buddy structure after block freeing fails when under fc replay. This fix primarily reverts to commit 6bd97bf273bd “ext4: Remove redundant mbregeneratebuddy”, and reintroduces the function mbregeneratebuddy...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: KVM: x86: Fixed a stack-out-of-bounds memory access from ioapicwriteindirect. KASAN reports the following issue: BUG: In kvmmakevcpusrequestmask+0x174/0x440 kvm, there is a stack-out-of-bounds situation. A read of size 8 at...
Astra Linux - уязвимость в linux
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Proper handling is implemented to indicate a failure when ending a failed write request. This patch addresses a data corruption bug in raid1 arrays that utilize bitmaps. Without this fix, the bitmap bits for failed I/O...
Astra Linux - уязвимость в freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, the function freerdpbitmapdecompressplanar did not validate the parameters nSrcWidth/nSrcHeight against the values of planar-maxWidth/maxHeight before performing the RLE decompression. A malicious server cou...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: A missing range check was added in bitmapipuadt. When tbIPSETATTRIPTO is not present, but tbIPSETATTRCIDR exists, the values of ip and ipto are slightly swapped. As a result, the range check for ip should be...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fixed a crash in the AP internal function modifybitmap A system crash occurred as follows: Failure address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault occurred in the home space mode while using the kernel ASCE...
Astra Linux - уязвимость в imagemagick
ImageMagick is a open-source software suite for displaying, converting, and editing raster image files. In versions of ImageMagick prior to 7.1.2-7 and 6.9.13-32, there is an integer overflow vulnerability in the BMP decoder on 32-bit systems. The vulnerability occurs in the coders/bmp.c file,...
Astra Linux - уязвимость в libsdl2
SDL Simple DirectMedia Layer through 2.0.12 has an Integer Overflow and resultant SDLmemcpy heap corruption in SDLBlitCopy in video/SDLblitcopy.c via a crafted .BMP file...
Astra Linux - уязвимость в linux-5.15
In the Linux kernel 6.0.8, there is a use-after-free in ntfstrimfs in fs/ntfs3/bitmap.c...
Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU3 stuck for 26s!...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: Adjust the subpage bit start based on the sector size. When running machines with a 64k page size and a 16k node size, we began to encounter tree log corruption in production. This occurred because we sometimes did not wri...
Astra Linux - уязвимость в linux-5.10, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: exfat: Check if the cluster number is valid. Syzbot reported a slab-out-of-bounds read in exfatclearbitmap. This issue was triggered when the reproducer called truncute with a size of 0, resulting in the following error messag...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: x86/iopl: Fixed inconsistencies in TIFIOBITMAP The function iobitmapexit is called from exitthread, when a task exists or when a fork fails. In the latter case, exitthread cleans up resources that were allocated during fork...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux
In the Linux kernel, the following vulnerability has been resolved: dm mirror log: The bitsetsize is rounded up to BITSPERLONG. The code in dm-log rounds up bitsetsize to 32 bits. Then, it uses findnextzerobitle on the allocated region. findnextzerobitle accesses the bitmap using unsigned long...
Astra Linux - уязвимость в poppler, poppler-22
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc...