53977 matches found
Astra Linux - Vulnerability in linux-5.10, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: BPF: Protection against integer overflows when accessing stack memory. This patch reintroduces protection against the situation where the size of memory accessed via the stack is negative. The access size can appear negative due ...
Astra Linux - Vulnerability in libx11, libxpm
A vulnerability was discovered in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent integer overflow on 32-bit systems. On a 32-bit system, the operation “len * sizeof(*p)” can lead to an integer overflow...
Astra Linux - Vulnerability in libsdl2
SDL (Simple DirectMedia Layer) from version 2.0.12 has an integer overflow issue, which leads to heap corruption when using SDL_BlitCopy in the video/SDL_blit_copy.c file, due to a specially crafted .BMP file...
Astra Linux - Vulnerability in git
Git is a distributed revision control system. The gitattributes command allows for the definition of attributes for certain file paths. These attributes can be defined by adding a .gitattributes file to the repository, which contains a set of file patterns and the attributes that should be applie...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: gpio: gpio-xilinx: Fix integer overflow. The current implementation cannot configure more than 32 pins due to an incorrect data type. Therefore, type casting using unsigned long is used to avoid this issue...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed an issue of signed integer overflow in l2tp_ip6_sendmsg. When len = INT_MAX - transhdrlen, the value of ulen = len + transhdrlen will cause an overflow. To address this issue, we can follow the approach used by udpv6 and...
Astra Linux - Vulnerability in aom
Integer overflows in the libaom internal function img_alloc_helper can lead to heap buffer overflows. This function can be accessed through three callers: Calling aom_img_alloc with a large value of the d_w, d_h, or align parameter may result in integer overflows during the calculations of buffer sizes...
Astra Linux – Vulnerability in libstb
stb_vorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may cause memory writes to exceed the allocated heap buffer in start_decoder. The root cause of this issue is a potential integer overflow in sizeof(char*) * (f->comment_list_length), which may...
Astra Linux - Vulnerability in linux-5.10, linux
In rndis_query_oid in drivers/net/wireless/rndis_wlan.c within the Linux kernel, from version 6.1.5 onwards, there is an integer overflow in a mathematical operation...
Astra Linux – Vulnerability in klibc
An issue was discovered in klibc before version 2.0.9. An integer overflow in the cpio command may lead to a NULL pointer dereference on 64-bit systems...
Astra Linux - Vulnerability in poppler, poppler-22
Poppler prior to and including version 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image may lead to a crash or the execution of arbitrary code. This is similar to the vulnerability...
Astra Linux - Vulnerability in linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: crypto: cavium - prevent integer overflow during firmware loading. The value of “code_length” comes from the firmware file. If your firmware is untrusted, there’s probably very little you can do to protect yourself. Nevertheless, ...
Astra Linux - Vulnerability in openexr
An integer overflow could occur when OpenEXR processes a crafted file on systems where size_t is less than 64 bits. This could result in invalid bytesPerLine and maxBytesPerLine values, which may lead to issues with application stability or other attack vectors...
Astra Linux - Vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: acct: A potential integer overflow has been fixed in encode_comp_t. The integer overflow is described with the following code: c 317 static compt encodecomptu64 value 318 319 int exp, rnd; ...... 341 exp 342 exp += value; 343 retur...
Astra Linux - Vulnerability in libksba
A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...
Astra Linux - Vulnerability in curl
An integer overflow vulnerability exists in the tool_operate.c file of curl 7.65.2, which can be exploited by using a large value as the retry delay. NOTE: Many reports indicate that this does not have a direct security impact on the curl user. However, it may in theory cause a denial of service t...
Astra Linux - Vulnerability in linux-6.1, linux, linux-5.15, linux-5.10
Integer overflow or wraparound vulnerability in the Linux kernel on Linux, x86, and ARM (md, raid, raid5 modules) allows for forced integer overflow...
Astra Linux - Vulnerability in ffmpeg
An integer overflow vulnerability exists in the av_timecode_make_string function in libavutil/timecode.c within FFmpeg version 4.3.2. This vulnerability allows local attackers to cause a denial of service (DoS) through a crafted .mov file...
Astra Linux - Vulnerability in sox
An issue was discovered in libsox.a within SoX 14.4.2. In sox-fmt.h, within the startread function, there is an integer overflow in the result of integer addition with a wrap around to 0 passed into the lsx_calloc macro that wraps around to malloc. When a NULL pointer is returned, it is used withou...