Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The affected versions are subject to an integer overflow issue, which leads to an out-of-bounds write vulnerability in the gdi_CreateSurface function. This issue only affects FreeRDP-based clients...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: Fix for a potential overflow in amu_fie_setup. The function cpufreq_get_hw_max_freq returns the maximum frequency in kHz as an unsigned int. However, the function freq_inv_set_max_ratio receives this frequency in Hz as an...
Astra Linux – Vulnerability in ffmpeg5
When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy operation will loop at positions 0 and 1, continuing to write until a multiple of 8 i...
Astra Linux – Vulnerability in lz4
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 related to LZ4_compress_destSize, affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: The vendor states that “only a few specific/rare uses of the API are at risk.”...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Drivers: perf: Check the return value of find_first_bit. We must check the return value of find_first_bit before using its value as an array index, as it may cause the array to overflow, leading to a panic: 107.318430 Kernel BUG 1...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: It is necessary to use ktime_t instead of int when dealing with timestamps. Code that interacts with timestamps needs to use the ktime_t type returned by functions like ktime_get. The int type does not provide enough spa...
Astra Linux – Vulnerability in exiv2
In Exiv2 0.26, the Exiv2::PsdImage::readMetadata method in psdimage.cpp of the PSD image reader may suffer from a denial-of-service attack (infinite loop) caused by an integer overflow through a specially crafted PSD image file...
Astra Linux – Vulnerability in ffmpeg5
FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the av_malloc function located at line 105:9 of the libavutil/mem.c file...
Astra Linux – Vulnerability in GIMP
A flaw was discovered in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP may be tricked into generating serious memory errors, potentially leading to crashes and causing a heap buffer overflow...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Media Feeds in Google Chrome prior to version 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in SOX
A heap buffer overflow vulnerability was discovered in sox, specifically in the startread function at sox/src/hcom.c:160:41. This flaw can lead to denial of service, code execution, or information disclosure...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages. When running stress-ng on my Arm64 machine with v7.0-rc3 kernel, I encountered some very strange crash issues that appeared as “Bad page state”: "734.496287 BUG: Ba...
Astra Linux – Vulnerability in Memcached
A buffer overflow vulnerability in authfile.c in memcached 1.6.9 allows attackers to cause a denial of service through a crafted authentication file...
Astra Linux – Vulnerability in zbar
There is a heap-based buffer overflow in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To exploit this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start. Since commit 096b52fd2bb4 "perf: RISC-V: throttle perf events", the perf_sample_event_took function was added to report time spent in overflow interrupts. If the...
Astra Linux – Vulnerability in texlive-bin
It was discovered that texlive-bin commit c515e contains a heap buffer overflow vulnerability through the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) by providing a malicious TTF file...
Astra Linux – Vulnerability in SOX
A vulnerability was discovered in SoX, where a heap buffer overflow occurs in the startread function in the hcom.c file. This vulnerability can be exploited by using a specially crafted hcomn file, which may cause the application to crash...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: fix potential skb->frags overflow in the RX path. When receiving data in the DPMAIF RX path, the t7xx_dpmaif_set_frag_to_skb function adds page fragments to an skb without checking whether the number of fragments has...
Astra Linux – Vulnerability in klibc
An issue was discovered in klibc before version 2.0.9. Multiple potential integer overflows in the cpio command on 32-bit systems could lead to a buffer overflow or other security issues...