Astra Linux - уязвимость в ffmpeg

A buffer overflow vulnerability exists in FFmpeg 4.2 in the movwritevideotag function, due to an out-of-bounds access in the libavformat/movenc.c file. This vulnerability could allow a remote malicious user to obtain sensitive information, cause a Denial of Service, or execute arbitrary code...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fixed buffer overflow issues for txbuf and ringxfer. The AD7923 was updated to support devices with 8 channels, but the sizes of txbuf and ringxfer were not adjusted accordingly, resulting in a potential buffer...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: BPF: Fixed an issue where reservations were advanced beyond their limit in the ringbuf structure. The BPF ring buffer is internally implemented as a circular buffer of a power-of-2 size. It contains two logical counters that are...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: atm: idt77252: prevent use after free in dequeuerx We cannot dereference “skb” after calling vcc-push, because the skb is released...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: A possible memory leak has been fixed in the allocatebuffersinternal function. The buffer within the loop should be released under the exception path; otherwise, a memory leak may occur. To mitigate...

Astra Linux - уязвимость в expat, firefox, thunderbird

In libexpat before version 2.7.4, the doContent function does not properly determine the buffer size bufSize, as there is no check for integer overflow during the reallocation of the tag buffer...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “Reapply ‘drm/qxl: simplify qxlfencewait’” This change reverts to the commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt reported: “I tried running my tests on my virtual machines, but the tests failed upon boot-up...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Do not create EA inodes under the buffer lock The ext4xattrsetentry function creates new EA inodes while holding the buffer lock on the external xattr block. This is problematic because all allocation-related locking...

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: xfs: Fixed the allocation of the log recovery buffer for the legacy hsize parameter. The commit a70f9fe52daa “xfs: detects and handles invalid iclog size settings provided by mkfs“” added a fix for incorrect hsize values used ...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Fixed the memory leak caused by slicing operations. The temporary buffer that stores slicing configuration data from the user is only freed in case of an error. This constitutes a memory leak. The buffer should be...

Astra Linux - уязвимость в linux-5.15

In the Linux kernel, the following vulnerability has been resolved: usb: early: xhci-dbc: Fixed a potential out-of-bound memory access issue. If xdbcbulkwrite fails, the values in ‘buf’ can be anything. Therefore, the string is not guaranteed to be NULL-terminated when xdbcTrace is called. Reserv...

Astra Linux - уязвимость в hdf5

HDF5 versions 1.14.3 and earlier contain a buffer overflow vulnerability in H5Olinfodecode, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...

Astra Linux - уязвимость в u-boot

A issue was discovered in Das U-Boot during the period from 2019.07. There is a stack-based buffer overflow in the nfshandler reply helper function: nfslookupreply...

Astra Linux - уязвимость в u-boot

The U-Boot 2022.01 has a Buffer Overflow, a different issue compared to CVE-2022-30552...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: mxm-wmi: fixed a memory leak in the mxmwmicallmxds|mx function. The ACPI buffer memory out.pointer returned by wmievaluatemethod is not freed after the call, resulting in a memory leak. This issue occurs because the...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Tracing: Consider the NULL character when validating the event length. The strlen function returns the length of a string, excluding the null byte. If the string length equals the maximum buffer length, there will be no space lef...

Astra Linux - уязвимость в libcaca

A flaw was discovered in libcaca v0.99.beta19. A buffer overflow issue in the cacaresize function in libcaca/caca/canvas.c may allow for the execution of arbitrary code in the user context...

Astra Linux - уязвимость в binutils

Heap buffer overflow vulnerability in binutils’ readelf before version 2.40, caused by the function findsectioninset in the file readelf.c...

Astra Linux - уязвимость в glibc

The Name Service Cache Daemon’s nscd netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary...