Astra Linux – Vulnerability in DjVuLibre

A out-of-bounds write vulnerability was discovered in DjVuLibre, specifically in the function DjVU::DjVuTXT::decode in DjVuText.cpp. A crafted DjVU file can trigger this issue, leading to a crash or segmentation fault. This flaw affects DjVuLibre versions prior to 3.5.28...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Media: MediTech; vcodec: Cannot set dstbuffer to done when a late decoding error occurs. The core thread will call v4l2m2mbufdone to set the dstbuffer as done for the late architecture. If v4l2m2mbufdoneandjobfinish is called lat...

Astra Linux – Vulnerability in hdf5

A violation of bounds was detected in H5Ofillnewdecode and H5Ofillolddecode within H5Ofill.c in the HDF HDF5 1.10.2 library. This could allow a remote denial of service or information disclosure attack...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: accel/qaic: Improved the bounds checking in decodemessage by copying the bounds checking from encodemessage to decodemessage. This patch addresses the following issues: - Ensure that there is enough space for at least one...

Astra Linux – Vulnerability in libtomcrypt

In LibTomCrypt version 1.18.2, the derdecodeutf8string function located in derdecodeutf8string.c does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service such as out-of-bounds reads and crashes or to read information from other...

Astra Linux – Vulnerability in cjson

In versions of cJSON 1.5.0 through 1.7.18, the decodearrayindexfrompointer function in cJSONUtils.c allows for out-of-bounds access. This vulnerability allows remote attackers to bypass array bounds checking and access restricted data through malformed JSON pointer strings containing alphanumeric...

Astra Linux – Vulnerability in yajl

In the yajl-ruby gem version 1.3.0 for Ruby, when a properly crafted JSON file is provided to Yajl::Parser.new.parse, the entire Ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This causes the entire Ruby process to terminate, potentially leading to a denial ...

Astra Linux – Vulnerability in hdf5

HDF5 versions 1.14.3 and earlier contain a buffer overflow vulnerability in H5Olinfodecode, which leads to corruption of the instruction pointer and causes denial of service or potential code execution...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a global-buffer-overflow issue was observed during FreeRDP’s Base64 decoding process. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char values are treated...

Astra Linux – Vulnerability in Firefox

A null pointer dereference may have occurred inadvertently in pk12util, specifically in the SECASN1DecodeItemUtil function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox 133 and Thunderbird 133...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been identified in gstgdkpixbufdecflush within gstgdkpixbufdec.c. This function invokes memcpy, using outpix as the destination address. outpix is expected to point to the fra...

Astra Linux – Vulnerability in ffmpeg

The decodeframe function in libavcodec/exr.c in FFmpeg 4.3.1 has a buffer overflow due to errors in calculating when to perform memset zero operations...

Astra Linux – Vulnerability in DjVuLibre

A flaw was discovered in djvulibre-3.5.28 and earlier. A heap buffer overflow occurs in the function DJVU::GBitmap::decode, due to a malicious djvu file, which may lead to the application crashing and other related issues...

Astra Linux – Vulnerability in libsdl2

In SDL Simple DirectMediaLayer versions 2.x through 2.0.9, there is a heap-based buffer over-read issue in the FillIMAADPCMblock function, caused by an integer overflow in the IMAADPCMDecode function in the audio/SDLwave.c file...

Astra Linux – Vulnerability in libstb

It was discovered that stbimage.h v2.27 contains a heap-based use-after-free issue due to the stbijpeghuffdecode function...

Astra Linux – Vulnerability in Golang-1.15

In Go, encoding/xml in versions before 1.15.9 and 1.16.x before 1.16.1 may lead to an infinite loop if a custom TokenReader used for xml.NewTokenDecoder returns EOF midway through an element. This issue can occur in the Decode, DecodeElement, or Skip methods...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the decoding process of the ClearCodec band when crafted band coordinates allowed writes beyond the end of the destination surface buffer. A malicious server...

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurred in the RDPGFX ClearCodec decode path, where maliciously crafted residual data caused out-of-bounds writes during color output. A malicious server could trigger a...

Astra Linux – Vulnerability in libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. A heap-based buffer overflow is possible in the function WebPDecodeRGBInto due to an invalid check for buffer size. The greatest threat from this vulnerability is related to data confidentiality and integrity, as well as system...

Astra Linux – Vulnerability in gst-plugins-base1.0

GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the gstopusdecparseheader function within gstopusdec.c. The pos array is a stack-allocated buffer of size 64. If nchannels exceeds 64, the for loop will write beyond the...