Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF: The %p% format string is rejected in bprintf-like helpers. static const char fmt = "%p%"; bpfTracePrintkkernel, fmt, sizeoffmt; The above BPF program is not rejected, but it causes a kernel warning at runtime: “Please remove...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rcu: A buffer overflow has been fixed in printcpustallinfo. The output from printcpustallinfo may cause a buffer overflow if there is a significant difference in “jiffies”. This might seem unlikely, but computers sometimes get ti...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Check the A-MSDU format more carefully. If it seems that there is another subframe within the A-MSDU, but the header is not fully present, we may end up reading data outside its expected range, which would then ne...

Astra Linux – Vulnerability in gdk-pixbuf

GNOME GdkPixbuf also known as GDK-PixBuf prior to version 2.42.8 allowed a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated in the io-gif-animation.c file’s compositeframe function. This overflow was controllable and could be exploited for code executio...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fixed the return value of createinformatblob createinformatblob is supposed to return a valid pointer or an error; it should never return NULL. The caller will dereference the blob if there is no error, and thus will...

Astra Linux – Vulnerability in libarchive

The executefilterdelta function in archivereadsupportformatrar.c in libarchive before version 3.7.5 allows for out-of-bounds access through a crafted archive file, as src may move beyond dst...

Astra Linux – Vulnerability in Pandoc

Pandoc is a Haskell library for converting between different markup formats, as well as a command-line tool that utilizes this library. Starting from version 1.13 and before version 3.1.4, Pandoc was vulnerable to a file-write vulnerability. This vulnerability could be exploited by including a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: usb: gadget: uvc: Fixed potential dereferencing of ERRPTR in uvcv4l2.c. Fixed potential dereferencing of ERRPTR in findformatbypix and uvcv4l2enumformat. Also, fixed the following matching errors:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed an issue where an index out of bounds could occur in the degamma hardware format translation. This issue was addressed by fixing the index out of bounds situation in the...

Astra Linux – Vulnerability in hdf5

A memory leak in the H5Odtypedecodehelper function within H5Odtype.c in the HDF HDF5 library from version 1.10.3 allows attackers to cause a denial of service due to excessive memory consumption, through an exploitable HDF5 file...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Added preemptcountsub,add to the btf id deny list. The recursion checks in bpfprogenter and bpfprogexit leave preemptcountsub,add unprotected. When attaching a trampoline to them, a panic occurs as follows: 867.843050 BUG...

Astra Linux – Vulnerability in hdf5

A SIGFPE signal was raised in the function H5Dchunksetinforeal of H5Dchunk.c in the HDF HDF5 1.10.3 library during an attempt to parse a crafted HDF file, due to incorrect protection against division by zero. This issue is distinct from CVE-2018-11207...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm: mxsfb: Fix NULL pointer dereference mxsfb should never dereference a NULL pointer, as drmatomicgetnewbridgestate may return such a pointer. Instead, a fixed format should be used instead...

Astra Linux – Vulnerability in Poppler

Versions of Poppler from 24.06.1 through 25.x, prior to 25.04.0, allowed stack consumption and a SIGSEGV due to deeply nested structures within the metadata of a PDF document such as GTSPDFEVersion. This issue occurred in functions like Dict::lookup, Catalog::getMetadata, and related functions in...

Astra Linux - уязвимость в orc

Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of...

Astra Linux - уязвимость в gst-plugins-ugly1.0

GStreamer ASF Demuxer Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...

Astra Linux – Vulnerability in GIMP

A flaw was discovered in GIMP when processing XCF image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP may be tricked into generating serious memory errors, potentially leading to crashes and causing use-after-free issues...

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions prior to 7.1.2-0 and 6.9.13-26, using the magick stream command in ImageMagick, specifying multiple consecutive %d format specifiers in a filename template caused a memory leak. Versions...

Astra Linux – Vulnerability in openimageio

There is a heap-based buffer overflow vulnerability in the tile decoding code of the TIFF image parser in OpenImageIO’s master-branch-9aeece7a and v2.3.19.0. A specially crafted TIFF file can lead to out-of-bounds memory corruption, which may result in arbitrary code execution. An attacker can...

Astra Linux – Vulnerability in fig2dev

A stack-based buffer overflow in the genpstrxtext component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS by converting an xfig file into pstricks format...