Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick, specifically in the files MagickCore/colorspace-private.h and MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned char, and...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick, specifically in the file MagickCore/quantum-export.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the unsigned long long type, as well as a shift exponent...

Astra Linux – Vulnerability in imagemagick

The function WritePALMImage in /coders/palm.c uses sizet type conversions in several parts of the calculation. This could lead to values that are outside the range of the representable type unsigned long, resulting in undefined behavior when a malicious input file is processed by ImageMagick...

Astra Linux - уязвимость в firefox

The ShmemCharMapHashEntry code was susceptible to potentially undefined behavior by bypassing the move semantics for one of its data members. This vulnerability affects Firefox versions less than 126...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerabilities have been resolved: capabilities: Defined behavior in bit shifting for CAPTOMASK was fixed. Shifting a signed 32-bit value by 31 bits is undefined; therefore, the significant bit was changed to unsigned. The UBSAN warning during call tracing is a...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Assign -num before accessing -hws The commit f316cdff8d67 “clk: Annotate struct clkhwonecelldata with countedby annotated the hws member of struct clkhwonecelldata with countedby. This informs the bounds sanitizer ...

Astra Linux - уязвимость в firefox, thunderbird

The ShutdownObserver function was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: rtlwifi: 8192cu: fixed a situation where TID was out of range in rtl92cu TxFillDesc. The TID obtained from ieee80211gettid might be out of range of the array size of staEntry-tids, so check that TID is less than...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15

A flaw was discovered in the Framebuffer Console fbcon within the Linux kernel. When values greater than 32 are provided for font-width and font-height in the fbconsetfont function, due to lack of proper checks, an out-of-bounds situation may occur, resulting in undefined behavior and potentially...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021623)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021623 advisory. In the Linux kernel, the following vulnerability has been resolved: lib/fonts: fix undefined behavior in bit shift for getdefaultfont Shifting signed 32-bit value by...

UBUNTU-CVE-2026-5947

Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG0, it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached as would occur during a query...

FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker could exploit this vulnerability by sending a specially crafted RDP message. This can lead to an undefined behavior where a wrapped value is used as a shift exponent, causing an approximately ...

Undefined Behavior for Input to API

Overview Affected versions of this package are vulnerable to Undefined Behavior for Input to API in the comparator function responsible for ordering Datagram Transport Layer Security DTLS packets by sequence numbers. An attacker can cause unstable packet ordering or undefined behavior by sending...

Linux Distros Unpatched Vulnerability : CVE-2026-42327

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from...

DEBIAN-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

UBUNTU-CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

CVE-2026-42327

The CVE-2026-42327 vulnerability affects rust-openssl bindings for OpenSSL, where X509Ref::ocsp_responders returns OCSP responder URLs from the AIA extension. In versions 0.9.7 through before 0.10.79, the code constructs &str from IA5String bytes using an unchecked UTF-8 assumption, allowing non-...

EUVD-2026-30474

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...