7532 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: BPF: Freeing special fields when updating lru,percpuhash maps Since lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to ‘bpfobjfreefields’ in ‘pcpucopyvalue’ could cause the memory referenced by BPFKPTRREF,PERCPU fiel...
Astra Linux – Vulnerability in LCMS2
In Little CMS lcms2 version 2.18, there is an integer overflow in the CubeSize function in cmslut.c, as the overflow check is performed after the multiplication operation...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: The migrate type of all pageblocks during coalescence needs to be changed. When a page is freed, it coalesces with a buddy page into a higher-order page whenever possible. When the migrate type of the buddy page...
Astra Linux – Vulnerability in openexr
OpenEXR provides the specification and reference implementation of the EXR file format, a image storage format used in the motion picture industry. From version 3.4.0 to before version 3.4.8, a properly crafted B44 or B44A EXR file could cause an out-of-bounds write in any application that decode...
Astra Linux – Vulnerability in hdf5
HDF5 through 1.14.3 contains a stack buffer overflow issue in H5Rdecodeheap, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: usbnet: Fixed the issue involving the use of smpprocessorid in preemptible code. Syzbot reported the following warning: BUG: Using smpprocessorid in preemptible 00000000 code: dhcpcd/2879. Caller: usbnetskbreturn+0x74/0x490,...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fbdev: In of: displaytiming, there is a fix for the refcount leak in ofgetdisplaytimings. The function ofparsephandle returns a devicenode with the refcount incremented. This value is stored in ‘entry’ and then copied to...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory was rendered to the screen, potentially exposing sensitive data to attackers. This issue has been fixed in version 3.24.2...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.0, there was a buffer overflow vulnerability in freerdpbitmapdecompressplanar when SrcSize was 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize is greater than or...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in the persistentcachereadentryv3 function in libfreerdp/cache/persistent.c, persistent-bmpSize was updated before winpralignedrecalloc. If realloc fails, bmpSize is inflated while bmpData points to the old...
Astra Linux – Vulnerability in pyjwt
PyJWT is an implementation of JSON Web Tokens in Python. Before version 2.12.0, PyJWT did not validate the Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a critical array listing extensions that PyJWT does not understand, the library accepts the token instead of...
Astra Linux – Vulnerability in freerdp3
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfclipboardformatequal read the freed lastSentFormats memory because xfclipboardformatsfree called from the cliprdr channel thread during auto-reconnect freed the array. Meanwhile, the X11 event thread...
Astra Linux – Vulnerability in ORC
A stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked into processing a specially crafted file using the affected ORC compiler, arbitrary code may be executed on the developer’s build environment. This may result in compromise ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: smb: client: prevented races in -queryinterfaces It was possible for two query interfaces to simultaneously attempt to update the interfaces. This issue can be avoided by checking and updating ifacelastupdate under ifacelock...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: In the chips-media: wave5 module, the order of device cleanup was corrected to prevent kernel panic. The process of removing video devices was moved to the beginning of the removal function to ensure that all video operations are...
Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fixed potential overflow of PCM transfer buffer The PCM stream data in the USB-audio driver is transferred via USB URB packet buffers, and the size of each packet is determined dynamically. The packet sizes are...
Astra Linux – Vulnerability in imagemagick
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the UIL and XPM image encoder did not validate the pixel index value returned by GetPixelIndex before using it as an array subscript. In HDRI builds, Quantum is...
Astra Linux – Vulnerability in edk2
EDK2 contains a vulnerability in the BIOS, where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” through local access. Successful exploitation of this vulnerability could lead to possible information disclosure or escalation of privileges, thereby affecting...
Astra Linux – Vulnerability in glib2.0
A flaw was discovered in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, resulting in a denial of service or potential code execution through a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: procfs: Fixed a missing RCU protection when reading realparent in dotaskstat. When reading /proc/pid/stat, dotaskstat accesses task-realparent without proper RCU protection. This leads to the following sequence of events: cpu 0 c...