Astra Linux – Vulnerability in CGal

There are multiple code execution vulnerabilities in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted, malformed file can lead to an out-of-bounds read and type confusion, which may result in code execution. An attacker can provide malicious input to trigger a...

Astra Linux – Vulnerability in gpac

A vulnerability has been discovered in GPAC 2.5-DEV-rev228-g11067ea92-master. This vulnerability affects the xmtnodeend function in the src/scenemanager/loaderxmt.c file of the MP4Box component. The vulnerability allows for data to be accessed after it has been freed from memory, requiring local...

Astra Linux – Vulnerability in glibc

A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...

Astra Linux – Vulnerability in gst-plugins-good1.0

DOS: Potential heap overwrite during MKV demuxing using Zlib decompression. Integer overflow occurs in the matroskademux element within the gstmatroskadecompressdata function, which can cause a segfault—or potentially a heap overwrite, depending on the libc and operating system. Depending on the...

Astra Linux – Vulnerabilities in Firefox, Thunderbird, NSS

After accepting an untrusted certificate, handling an empty PKCS7 sequence as part of the certificate data could have led to a crash. This crash is believed to be exploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been discovered in gstwavparseadtlchunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. A...

Astra Linux – Vulnerability in libksba

A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...

Astra Linux – Vulnerability in ffmpeg5

A vulnerability was discovered in FFmpeg up to version 7.0.1. It has been classified as critical. This issue affects the pnmDecodeFrame function in the /libavcodec/pnmdec.c library. The vulnerability causes a heap-based buffer overflow. The attack can be initiated remotely. The exploit has been...

Astra Linux – Vulnerability in gtk+3.0, gtk+2.0

A flaw was discovered in the GTK library. Under certain conditions, it is possible for a library to be injected into a GTK application from the current working directory...

Astra Linux – Vulnerability in golang-github-prometheus-client-golang

clientgolang is the instrumentation library for Go applications in Prometheus. The promhttp package within clientgolang provides tools for working with HTTP servers and clients. Prior to version 1.11.1 of clientgolang, HTTP servers were vulnerable to Denial of Service attacks due to unbounded...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: libceph: The calctarget function should set t-paused, rather than simply clearing it. Currently, calctarget clears t-paused if the request should no longer be paused. However, it never sets t-paused, even though it can determine...

Astra Linux – Vulnerability in libde265

Libde265 1.0.9 has a heap buffer overflow vulnerability in de265image::setSliceAddrRSint, int, int...

Astra Linux – Vulnerability in hdf5

There is an out-of-bounds read vulnerability in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially crafted GIF file can lead to code execution. An attacker can provide a malicious file to exploit this vulnerability...

Astra Linux – Vulnerability in Dbus

A issue was discovered in D-Bus before 1.12.24, 1.13.x, and 1.14.x, before 1.14.4, and 1.15.x, before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format...

Astra Linux – Vulnerability in Firefox and Thunderbird

A compromised web process was able to trigger unauthorized reads and writes in a more privileged process by using manipulated WebGL textures. This vulnerability has been fixed in Firefox 144, Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird 144, and Thunderbird 140.4...

Astra Linux – Vulnerability in cjson

In versions of cJSON 1.5.0 through 1.7.18, the decodearrayindexfrompointer function in cJSONUtils.c allows for out-of-bounds access. This enables remote attackers to bypass array bounds checking and access restricted data through malformed JSON pointer strings containing alphanumeric characters...

Astra Linux – Vulnerability in opensc

Buffer overflow issues were identified in Opensc before version 0.22.0 in various locations, which could potentially cause programs using the library to crash...

Astra Linux – Vulnerability in yaml-cpp

The Scanner::EnsureTokensInQueue function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service stack consumption and application crash through a crafted YAML file...

Astra Linux – Vulnerability in yaml-cpp

The SingleDocParser::HandleFlowMap function in yaml-cpp also known as LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service resource consumption and application crash through a crafted YAML file...

Astra Linux – Vulnerability in glibc

There exists an exploitable signed comparison vulnerability in the ARMv7 memcpy implementation of GNU glibc 2.30.9000. Calling memcpy on ARMv7 targets that utilize the GNU glibc implementation with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attack...