Astra Linux – Vulnerability in Raptor2

In the Raptor RDF Syntax Library version 2.0.16, there is an integer underflow issue when normalizing a URI using the turtle parser in the raptorurinormalizepath function...

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed an integer overflow issue while processing the acdirmax mount option. The user-provided mount parameter acdirmax, of type u32, is intended to have an upper limit. However, before this limit is validated, the value is...

Astra Linux – Vulnerability in klibc

A issue was discovered in klibc before version 2.0.9. Additions in the malloc function may lead to an integer overflow, followed by a heap buffer overflow...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: A integer overflow has been fixed in rxgkverifyresponse. In rxgkverifyresponse, there is a potential integer overflow due to rounding the tokenlen value up before checking it. This allows the length check to be bypassed...

Astra Linux – Vulnerability in Python 3.7

A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...

Astra Linux – Vulnerability in libavif

In libavif before version 1.3.0, the makeRoom function in stream.c has an integer overflow, resulting in a buffer overflow at stream-offset+size...

Astra Linux – Vulnerability in Qemu

QEMU prior to version 8.2.0 has an integer underflow issue, which can lead to a buffer overflow. This occurs due to a TI command, where a transfer length that is not a DMA transfer is processed, and the actual transfer length is shorter than the length of the available FIFO data. This issue arise...

Astra Linux – Vulnerability in WebKit2GTK

A flaw was discovered in WebKitGTK and WPE WebKit. This vulnerability allows for an out-of-bounds read and integer underflow, resulting in a UIProcess crash DoS through a crafted payload sent to the GLib remote inspector server...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN issue may occur: BUG: KASAN: Out-of-bounds access in parseintegerlimit+0x103/0x130...

Astra Linux – Vulnerability in poppler, poppler-22

Poppler prior to and including version 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image may lead to a crash or the execution of arbitrary code. This is similar to the vulnerability...

Astra Linux – Vulnerability in libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux – Vulnerability in libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of v1.14.52 in the GNOME Project’s G Structured File Library libgsf. A specially crafted file can lead to an integer overflow, allowing for a heap-based buffer overflow when processing the sector...

Astra Linux – Vulnerability in openexr

An integer overflow that leads to a heap-buffer overflow was discovered in the DwaCompressor of OpenEXR in versions prior to 3.0.1. An attacker could exploit this flaw to crash an application compiled with OpenEXR...

Astra Linux – Vulnerability in edk2

EDK2 contains a vulnerability in the BIOS, where a user can cause an Integer Overflow or Wrap-around error through network means. Successful exploitation of this vulnerability may lead to a denial of service...

Astra Linux – Vulnerability in Qt4-X11

An integer overflow vulnerability exists in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allowing local attackers to cause a denial of service DoS attack...

Astra Linux – Vulnerability in vlc

An integer overflow in the VNC module of the VideoLAN VLC Media Player, as of version 3.0.17.4, allows attackers to exploit this vulnerability by tricking users into opening a specially crafted playlist or connecting to a malicious VNC server. This can result in the crash of the VLC player or the...

Astra Linux – Vulnerability in GIMP

GIMP PNM File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: BPF: Protection against integer overflows for stack access sizes This patch reintroduces protection against access to stack memory having a negative value. The access size can appear negative due to overflow in its signed integer...

Astra Linux – Vulnerability in uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryEngine in UriQuery.c has an integer overflow due to long keys or values, resulting in a buffer overflow...

Astra Linux – Vulnerability in binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...