Astra Linux – Vulnerability in xwayland, xorg-server

A buffer overflow vulnerability was discovered in X.Org and Xwayland. The code in XkbVModMaskText allocates a fixed-sized buffer on the stack and copies the names of the virtual modifiers to that buffer. The code fails to check the bounds of the buffer and will copy the data regardless of the siz...

Astra Linux – Vulnerability in xwayland, xorg-server

A heap overflow flaw was discovered in X.Org and Xwayland. The calculation of the length in XkbSizeKeySyms differs from what is stored in XkbWriteKeySyms, which may lead to a heap-based buffer overflow...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in the Reader Mode of Google Chrome prior to version 90.0.4430.212 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A issue was discovered in the Linux kernel before version 6.0.11. Missing validation of the number of channels in the drivers/net/wireless/microchip/wilc1000/cfg80211.c file in the WILC1000 wireless driver can lead to a heap-based buffer overflow when copying the list of operating channels from...

Astra Linux – Vulnerability in xwayland, xorg-server

A buffer overflow vulnerability was discovered in X.Org and Xwayland. If the XkbChangeTypesOfKey function is called with a value of 0 for the “groups” parameter, it will resize the key symbol table to 0, but leave the key actions unchanged. If the same function is called later with a non-zero val...

Astra Linux – Vulnerability in gmp

The GNU Multiple Precision Arithmetic Arithmetic Library GMP version up to 6.2.1 has an integer overflow issue in the mpz/inpraw.c file, which can lead to a buffer overflow due to malicious input. This results in a segmentation fault on 32-bit platforms...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Avoid buffer overflow in currentpasswordstore If the ‘buf’ array received from the user contains an empty string, the ‘length’ variable will be zero. Accessing the ‘buf’ array element with index...

Astra Linux – Vulnerability in faad2

A issue was discovered in faad2 through 2.10.0. A heap-buffer-overflow exists in the function sbrqmfanalysis32 located in sbrqmf.c. This allows an attacker to cause code execution...

Astra Linux – Vulnerability in ntfs-3g

NTFS-3G versions prior to 2021.8.22 may experience a stack buffer overflow when correcting differences between the MFT Mounted File Table and MFTMirror. This can lead to code execution or an escalation of privileges when using the setuid-root account...

Astra Linux – Vulnerability in imagemagick

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coder/xpm.c in ImageMagick 7.0.10-7...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as an array index when the EIOINTCENABLE register is modified. This can lead to an array index overflow issue...

Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net: cdcncm: Handling too low values of dwNtbOutMaxSize. Currently, in cdcncmchecktxmax, if dwNtbOutMaxSize is lower than the calculated “minimum” value but greater than zero, the logic sets txmax to dwNtbOutMaxSize. This value i...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.14 contains a heap-buffer-overflow vulnerability in the derivecombinedbipredictivemergingcandidates function at motion.cc...

Astra Linux – Vulnerability in GIMP

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow attacks. Through a specially crafted XCF file, the program will allocate a large amount of memory, leading to insufficient memory resources or the program crashing...

Astra Linux – Vulnerability in xrdp

xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol RDP. xrdp versions prior to 0.9.21 contain a buffer overflow in the audinsendopen function. There are no known workarounds for this issue. Users are advised to upgrade...

Astra Linux – Vulnerability in liblouis

A buffer overflow vulnerability has been discovered in Liblouis v.3.24.0. This vulnerability allows a remote attacker to cause a denial of service through the loulogFile function at the logginc.c endpoint...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstavisubtitleparsegab2chunk function within gstavisubtitle.c. This function reads the namelength value directly from the input file without properly checking it. As a...

Astra Linux – Vulnerability in Firefox and Thunderbird

Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.50.0, readtoend does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...

Astra Linux – Vulnerability in libsdl2, libsdl1.2

There is a heap overflow issue in the video/SDLpixels.c file in SDL Simple DirectMedia Layer versions 2.x to 2.0.18. By creating a malicious .BMP file, an attacker can cause the application using this library to crash, result in a denial of service, or lead to code execution...