Astra Linux – Vulnerability in giflib

Before February 16, 2019, a malformed GIF file would trigger a divide-by-zero exception in the decoder function DGifSlurp in dgiflib.c, especially when the height field of the ImageSize data structure was equal to zero...

Astra Linux – Vulnerability in libxpm

A vulnerability was discovered in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer function. This flaw allows a local attacker to trigger an out-of-bounds read error and read the contents of memory on the system...

Astra Linux – Vulnerability in Firefox and Thunderbird

A compromised web process was able to trigger unauthorized reads and writes in a more privileged process by using manipulated WebGL textures. This vulnerability has been fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

Astra Linux – Vulnerability in OpenCV

A issue was discovered in OpenCV 4.1.0. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in the modules/objdetect/src/hog.cpp module...

Astra Linux – Vulnerability in binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

Astra Linux – Vulnerability in lxml

Lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html allowed certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. Users who use the HTML Cleaner in a security-related...

Astra Linux – Vulnerability in glib2.0

A issue was discovered in GNOME GLib before versions 2.66.7 and 2.67.x before version 2.67.4. If the gbytearraynewtake function was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2^32, resulting in unintended length truncation...

Astra Linux – Vulnerability in pillow

In imagingcms.c within Pillow, before version 10.3.0, a buffer overflow exists because strcpy is used instead of strncpy...

Astra Linux – Vulnerability in Ruby 2.5

In Ruby, the CGI::Cookie.parse method used from version 2.6.8 mishandles security prefixes in cookie names. This issue also affects the CGI gem used from version 0.3.0 in Ruby...

Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

Astra Linux – Vulnerability in gpac

A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...

Astra Linux – Vulnerability in glibc

A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...

Astra Linux – Vulnerability in ICU

A stack buffer overflow was detected in the International components for Unicode ICU. While running the genrb binary, the ‘subtag’ structure exceeded its limit at the SRBRoot::addTag function. This issue may lead to memory corruption and the execution of arbitrary local code...

Astra Linux – Vulnerability in gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using Zlib decompression. Integer overflow occurs in the matroskademux element within the gstmatroskadecompressdata function, which can cause a segfault—or potentially a heap overwrite, depending on the libc and operating system. Depending on the...

Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS

After accepting an untrusted certificate, handling an empty PKCS7 sequence as part of the certificate data could have led to a crash. This crash is believed to be exploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. A...

Astra Linux – Vulnerability in libksba

A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...

Astra Linux – Vulnerability in ffmpeg5

A vulnerability was discovered in FFmpeg up to version 7.0.1. It has been classified as critical. This issue affects the pnmDecodeFrame function in the /libavcodec/pnmdec.c library. The vulnerability causes a heap-based buffer overflow. The attack can be initiated remotely. The exploit has been...