Astra Linux – Vulnerability in libmysofa

A buffer overflow in the readDataVar function in hdf/dataobject.c within Symonics’ libmysofa 0.5 – 1.1 allows attackers to execute arbitrary code through a crafted SOFA...

Astra Linux – Vulnerability in exempi

A buffer overflow vulnerability exists in WEBPSupport.cpp in exempi 2.5.0 and earlier, allowing remote attackers to cause a denial of service by opening crafted webp files...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwc-qos: Disable split header for Tegra194 There is a long-standing issue with the Synopsys DWC Ethernet driver for Tegra194, where random system crashes have been observed 0. The problem occurs when the split header...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy to prevent buffer overflow Coverity reports a possible buffer overflow issue. However, given the ‘static’ scope of nvidiasetupi2cbus, it seems that this issue cannot occur after examining the...

Astra Linux – Vulnerability in pillow

In versions 8.2.0 and earlier of Pillow, as well as versions 1.1.7 and earlier of PIL Python Imaging Library, an attacker can pass controlled parameters directly into the convert function, thereby triggering a buffer overflow in Convert.c...

Astra Linux – Vulnerability in libde265

A buffer overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code through the SAO Sample Adaptive Offset processing of libde265...

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A missing size check was added in amdgpudebugfsgprwaveread. This prevents a potential buffer overflow if the size exceeds 4K. Cherry-picked from the commit f5d873f5825b40d886d03bd2aede91d4cf002434...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: tuners: qt1010: Replace BUGON with a regular error message. BUGON is unnecessary here, and it also causes confusion in the smatch function. Replacing BUGON with an error message helps to resolve this issue. Warning:...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fixed an issue where PCM OSS buffer allocation might overflow. We have received reports of situations where INTMAX overflow occurs during memory allocation using vmalloc, specifically in the function sndpcmplugalloc...

Astra Linux – Vulnerability in Zabbix

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files using zbxjsonopen...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: crypto: scomp – fixed the req-dst buffer overflow issue. The size of the req-dst buffer should be checked before copying data from scompscratch-dst to avoid the req-dst buffer overflow problem...

Astra Linux – Vulnerability in uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryEngine in UriQuery.c has an integer overflow due to long keys or values, resulting in a buffer overflow...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: samples/bpf: Buffer overflow has been fixed in tcpbasertt. Using sizeofnv or strlennv+1 is correct...

Astra Linux – Vulnerability in python-cryptography

In the cryptography package for Python before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could lead to integer overflows and buffer overflows, as demonstrated by the Fernet class...

Astra Linux – Vulnerability in GhostScript

A heap-based buffer overwrite vulnerability was discovered in the lp8000printpage function of GhostScript, located in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a specially crafted PDF file, triggering a heap buffer overflow that could lead to memory corruption...

Astra Linux – Vulnerability in GhostScript

A issue was discovered in Artifex Ghostscript prior to version 10.05.0. The NPDL device has a Compression buffer overflow in the contrib/japanese/gdevnpdl.c file...

Astra Linux – Vulnerability in ffmpeg5

When decoding an OpenEXR file that uses DWAA or DWAB compression, there is an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy operation will loop at positions 0 and 1, continuing to write until a multiple of 8 i...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevents stack overflow in mlxbfi2csmbusstarttransaction The memcpy function is called in a loop, without checking the upper bound of 'operation-length', and 'dataidx' is also incremented...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing relied on cbData/remaining length, and never validated against the minimum size implied by cx/cy. A malicious server could trigger a client-side global buffer overflow, resulting in a crash...

Astra Linux – Vulnerability in libde265

It was discovered that Libde265 v1.0.8 contains a heap-buffer-overflow vulnerability through the putepel16fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service DoS attack using a specially crafted video file...