53977 matches found
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-dv-timings.c: fix too strict blanking sanity checks Sanity checks were added to verify the v4l2bttimings blanking fields in order to avoid integer overflows when the user space passes strange values. However, this...
Astra Linux - уязвимость в u-boot
Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur due to a crafted squashfs filesystem using sbrk, request2size, or because ptrdifft is mishandled on x8664...
Astra Linux - уязвимость в exiv2
In Exiv2 0.26, the Exiv2::PsdImage::readMetadata method in psdimage.cpp of the PSD image reader may suffer from a denial-of-service attack infinite loop caused by an integer overflow through a specially crafted PSD image file...
Astra Linux - уязвимость в vlc
An integer overflow in the VNC module of the VideoLAN VLC Media Player, as of version 3.0.17.4, allows attackers to exploit this vulnerability by tricking users into opening a specially crafted playlist or connecting to a malicious VNC server. This can result in the crash of the VLC player or the...
Astra Linux - уязвимость в imagemagick
There are 4 locations in HistogramCompare in MagickCore/histogram.c where integer overflow is possible during simple mathematical calculations. This occurs with the rgb values and the count value for a color. The patch uses casts to the ssizet type for these calculations, rather than using int...
Astra Linux - уязвимость в chromium
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had access to a race condition to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Low...
Astra Linux - уязвимость в gst-plugins-bad1.0
GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...
Astra Linux - уязвимость в tiff
LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or potentially execute arbitrary code through a crafted TIFF image, which triggers a heap-based buffer overflow...
Astra Linux – Vulnerability in binutils
The loadspecificdebugsection function in objdump.c within GNU Binutils, as of version 2.31.1, contains an integer overflow vulnerability that can trigger a heap-based buffer overflow if a crafted section size is used...
Astra Linux - уязвимость в gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using BZIP decompression. Integer overflow in the Matroskademux element within the BZIP decompression function can cause a segfault, or it may lead to a heap overwrite, depending on the libc and operating system used. Depending on the libc used an...
Astra Linux - уязвимость в gst-plugins-good1.0
DOS: Potential heap overwrite during MKV demuxing using LZO decompression. Integer overflow in the Matroskademux element within the LZO decompression function can cause a segfault, or potentially a heap overwrite, depending on the libc and operating system. Depending on the libc used and the...
Astra Linux - уязвимость в heimdal, krb5
PAC parsing in MIT Kerberos 5 also known as krb5 before versions 1.19.4 and 1.20.x before version 1.20.1 contains integer overflows that may lead to remote code execution in the KDC, kadmind, or a GSS or Kerberos application server on 32-bit platforms. This results in a heap-based buffer overflow...
Astra Linux - уязвимость в lz4
There is a flaw in lz4. An attacker who submits a crafted file to an application that uses lz4 may be able to trigger an integer overflow, resulting in the call to memmove with a negative size argument. This can lead to an out-of-bounds write and/or a system crash. The most significant impact of...
Astra Linux - уязвимость в grub2
A flaw was discovered in grub2. When reading tar files, grub2 allocates an internal buffer for the file name. However, it fails to properly verify the allocation against possible integer overflows. It’s possible to cause the allocation length to overflow with a specially crafted tar file, resulti...
Astra Linux - уязвимость в linux-5.10
An integer overflow flaw was discovered in the Linux kernel’s virtio device driver code, where a user triggers the vhostvdpaconfigvalidate function. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed integer overflow in amdgpucspass1. The type of size is unsigned int. If size is 0x40000000, there will be an integer overflow. After size = sizeofuint32t, size will become zero, which may lead to referencing...
Astra Linux - уязвимость в glib2.0
A flaw was discovered in glib. Missing validation of the offset and count parameters in the gbufferedinputstreampeek function can lead to an integer overflow during length calculations. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy,...
Astra Linux - уязвимость в ffmpeg5
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, there is a potential security vulnerability due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in...
Astra Linux - уязвимость в grub2
When reading the .mo file in grubmofileopen, grub2 fails to verify an integer overflow during the allocation of its internal buffer. A specially crafted .mo file may cause the buffer size calculation to overflow, resulting in out-of-bound reads and writes. This flaw allows an attacker to leak...
Astra Linux - уязвимость в gst-plugins-base1.0
GStreamer EXIF Metadata Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may va...