Astra Linux – Vulnerabilities in Linux, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: cdc_ncm: Handling too low values of dwNtbOutMaxSize. Currently, in cdc_ncm_check_tx_max, if dwNtbOutMaxSize is lower than the calculated “minimum” value but greater than zero, the logic sets tx_max to dwNtbOutMaxSize. This value i...
Astra Linux – Vulnerability in libde265
It was discovered that Libde265 v1.0.14 contains a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc...
Astra Linux – Vulnerability in GIMP
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow attacks. Through a specially crafted XCF file, the program will allocate a large amount of memory, leading to insufficient memory resources or the program crashing...
Astra Linux – Vulnerability in xrdp
xrdp is an open-source project that provides a graphical login to remote machines using the Microsoft Remote Desktop Protocol (RDP). xrdp versions prior to 0.9.21 contain a buffer overflow in the audin_send_open function. There are no known workarounds for this issue. Users are advised to upgrade...
Astra Linux – Vulnerability in liblouis
A buffer overflow vulnerability has been discovered in Liblouis v.3.24.0. This vulnerability allows a remote attacker to cause a denial of service through the lou_logFile function at the logginc.c endpoint...
Astra Linux – Vulnerability in gst-plugins-good1.0
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. This function reads the name_length value directly from the input file without properly checking it. As a...
Astra Linux – Vulnerability in Firefox and Thunderbird
Integer overflow in the SVG component. This vulnerability was fixed in Firefox 143, Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Astra Linux – Vulnerability in RustC
In the standard library of Rust before version 1.50.0, read_to_end does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow...
Astra Linux – Vulnerability in libsdl2, libsdl1.2
There is a heap overflow issue in the video/SDL_pixels.c file in SDL (Simple DirectMedia Layer) versions 2.x to 2.0.18. By creating a malicious .BMP file, an attacker can crash the application using this library, cause a denial of service, or achieve code execution...
Astra Linux – Vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The affected versions are subject to an integer overflow issue, which leads to an out-of-bounds write vulnerability in the gdi_CreateSurface function. This issue only affects FreeRDP-based clients...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: arm64: topology: Fix for a potential overflow in amu_fie_setup. The function cpufreq_get_hw_max_freq returns the maximum frequency in kHz as an unsigned int. However, the function freq_inv_set_max_ratio receives this frequency in Hz as an...
Astra Linux – Vulnerability in ffmpeg5
When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy operation will loop at positions 0 and 1, continuing to write until a multiple of 8 i...
Astra Linux – Vulnerability in lz4
LZ4 before 1.9.2 has a heap-based buffer overflow in LZ4_write32 related to LZ4_compress_destSize, affecting applications that call LZ4_compress_fast with a large input. This issue can also lead to data corruption. NOTE: The vendor states that “only a few specific/rare uses of the API are at risk.”...
Astra Linux – Vulnerability in libde265
Libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma function, which can be exploited through a specially crafted file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Drivers: perf: Check the return value of find_first_bit. We must check the return value of find_first_bit before using it as an array index, as it may overflow the array, leading to a panic: 107.318430 Kernel BUG 1...
Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: It is necessary to use ktime_t instead of int when dealing with timestamps. Code that interacts with timestamps needs to use the ktime_t type returned by functions like ktime_get. The int type does not provide enough spa...
Astra Linux – Vulnerability in exiv2
In Exiv2 0.26, the Exiv2::PsdImage::readMetadata method in psdimage.cpp of the PSD image reader may suffer from a denial of service (infinite loop) caused by an integer overflow through a specially crafted PSD image file...
Astra Linux – Vulnerability in ffmpeg5
FFmpeg v.n6.1-3-g466799d4f5 allows for memory consumption when using the colorcorrect filter, specifically in the av_malloc function located at line 105:9 of the libavutil/mem.c file...
Astra Linux – Vulnerability in GIMP
A flaw was discovered in GIMP when processing certain TGA image files. If a user opens one of these image files that has been specially crafted by an attacker, GIMP may be tricked into generating serious memory errors, potentially leading to crashes and causing a heap buffer overflow...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in Media Feeds in Google Chrome prior to version 90.0.4430.212 allowed an attacker who convinced a user to enable certain features in Chrome to potentially exploit heap corruption through a crafted HTML page...