7058 matches found
Astra Linux – Vulnerability in imagemagick
In the CropImage and CropImageToTiles routines of MagickCore/transform.c, rounding calculations performed on unconstrained pixel offsets were causing undefined behavior, including integer overflow and out-of-range values, as reported by UndefinedBehaviorSanitizer. Such issues could negatively...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick, specifically in the code file coders/bmp.c. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned int. This likely leads to a disruption in the...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick within MagickCore/statistic.c. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in an excessively large value for the 64-bit type ssizet. This likely leads to a disruption in the application’s...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick within MagickCore/quantum.h. An attacker who submits a crafted file processed by ImageMagick could induce undefined behavior, resulting in values that are outside the range of type unsigned char. This likely leads to a disruption in the application’s...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick’s coders, specifically in the webp.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, including division by zero in mathematics. The most significant threat of this vulnerability is the impact on system...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt – Fixed the hungtask issue for PADATARESET We identified a hungtask bug in testaeadveccfg as follows: INFO: Task cryptomgrtest:391009 was blocked for more than 120 seconds. Enabling the echo 0...
Astra Linux – Vulnerability in ffmpeg5
It was discovered that FFmpeg version n6.1 contains a heap buffer overflow vulnerability in the drawblockrectangle function of libavfilter/vfcodecview.c. This vulnerability allows attackers to cause undefined behavior or a Denial of Service DoS attack through crafted inputs...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: Avoid out-of-bounds shifts. UBSAN encounters undefined behavior in blk-iocost, where sometimes iocg-delay is shifted right by a number that is too large, resulting in undefined behavior on some architectures. 186.5565...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.10, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: schhfsc: made hfscqlennotify idempotent. hfscqlennotify itself is not idempotent, and it is not friendly to its callers, like fqcodeldequeue. We need to make it idempotent to ease the work of qdisctreereducebacklog callers: 1...
Astra Linux – Vulnerability in Firefox, Thunderbird
Sandbox escape due to undefined behavior, invalid pointer in the Graphics:Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: added a range check for connrspepid in htcconnectservice. I have identified the following bugs in my fuzzer: UBSAN: Array index out of bounds in drivers/net/wireless/ath/ath9k/htchst.c:26:51 Index 255 is out of range...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick, specifically in the MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned long. This likely leads to a disruption in t...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick’s MagickCore/statistic.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of type unsigned long. This likely affects the availability of the application, but ...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250: omap: Do not skip resource freeing if pmruntimeresumeandget fails. Returning an error code from .remove causes the driver core to emit a rather useless error message: remove callback returned a non-zero value. This...
Astra Linux – Vulnerability in imagemagick
A floating-point mathematical calculation within the ScaleAnyToQuantum function in /MagickCore/quantum-private.h could lead to undefined behavior, resulting in a value that falls outside the range of the type unsigned long long. This flaw can be triggered by a malicious input file under certain...
Astra Linux – Vulnerability in imagemagick
A flaw was discovered in ImageMagick in the coders/txt.c file. An attacker who submits a crafted file processed by ImageMagick could trigger undefined behavior, resulting in values that are outside the range of the type unsigned long long. This likely leads to a disruption in the application’s...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fixed an uninitialized flag for AV/C deferred transactions. AV/C deferred transactions were supported at commit 00a7bb81c20f “ALSA: firewire-lib: add support for deferred transactions”. However, the ‘deferrabl...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh – explicitly zeroizes privatekey. The privatekey is overwritten with the key parameter passed in by the caller if present, or alternatively with a newly generated private key. However, it is possible that the caller...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: f2fs: fixed to avoid out-of-bounds access in f2fstruncateinodeblocks syzbot reports an UBSAN issue as follows: ------------ cut here --- UBSAN: Array-index out-of-bounds in fs/f2fs/node.h:381:10 Index 18446744073709550692 is out ...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: bcache: Fixed the abuse of variable-length arrays in btreeiter. btreeiter is used in two ways: either allocated on the stack with a fixed size MAXBSETS, or from a mempool with a dynamic size based on the specific cache set...