Astra Linux - уязвимость в tiff

LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service application crash or potentially execute arbitrary code through a crafted TIFF image, which triggers a heap-based buffer overflow...

Astra Linux - уязвимость в webkit2gtk

Integer overflow has been addressed through improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, and iPadOS 15.2, as well as watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution...

Astra Linux - уязвимость в qemu

QEMU prior to version 8.2.0 has an integer underflow issue, which can lead to a buffer overflow. This occurs due to a TI command, where a transfer length that is not a DMA transfer is processed, and the actual transfer length is shorter than the length of the available FIFO data. This issue arise...

Astra Linux - уязвимость в imagemagick

A flaw was discovered in ImageMagick version 7.0.11. In this version, an integer overflow in the WriteTHUMBNAILImage function in the coders/thumbnail.c file may lead to undefined behavior when processing a specially crafted image file submitted by an attacker. The greatest threat posed by this...

Astra Linux - уязвимость в poppler, poppler-22

A floating-point exception in the PSStack::roll function of Poppler before version 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...

Astra Linux - уязвимость в ffmpeg5, ffmpeg

An integer overflow in the component /libavformat/westwoodvqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application through a malicious VQA file...

Astra Linux - уязвимость в gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An integer underflow was detected in the extractccfromdata function within qtdemux.c. In the FOURCCc708 case, the subtraction of atomlength - 8 may result in an underflow if atomlength is less than 8. When this subtracti...

Astra Linux - уязвимость в imagemagick

There are 4 locations in HistogramCompare in MagickCore/histogram.c where integer overflow is possible during simple mathematical calculations. This occurs with the rgb values and the count value for a color. The patch uses casts to the ssizet type for these calculations, rather than using int...

Astra Linux - уязвимость в grub2

When reading the .mo file in grubmofileopen, grub2 fails to verify an integer overflow during the allocation of its internal buffer. A specially crafted .mo file may cause the buffer size calculation to overflow, resulting in out-of-bound reads and writes. This flaw allows an attacker to leak...

Astra Linux - уязвимость в python3.7

A flaw was discovered in Python. In algorithms with quadratic time complexity that use non-binary bases, when using int“text”, a system may take 50 milliseconds to parse an int string with 100,000 digits, and 5 seconds for strings with 1,000,000 digits. Functions like float, decimal, int.frombyte...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed integer overflow in amdgpucspass1. The type of size is unsigned int. If size is 0x40000000, there will be an integer overflow. After size = sizeofuint32t, size will become zero, which may lead to referencing...

Astra Linux - уязвимость в linux-5.15, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfq: fix integer overflow of “credit” If schfq is configured with “initial quantum” having values greater than INTMAX, the first assignment of “credit” will cause signed integer overflow to a very negative value. In...

Astra Linux - уязвимость в linux-5.10, linux

A issue was discovered in the Linux kernel through version 6.0.10. In the l2capconfigreq function within net/bluetooth/l2capcore.c, there is an integer wraparound occurring when processing L2CAPCONFREQ packets...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: dvb-frontends: tda10048 – Fixed integer overflow. state-xtalhz can be up to 16M; when multiplied by pllmfactor, it may cause an integer overflow. A new 64-bit variable was created to store the calculations...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/i915/ttm: fixed handling of CCS Crucible + recent Mesa sometimes causes the following issue: GEMBUGONnumccsblks NUMCCSBLKSPERXFER It seems that this issue can also be triggered with gemlmemswapping, if we modify the tests ...

Astra Linux - уязвимость в uriparser

A issue was discovered in uriparser through 0.9.7. The ComposeQueryMallocExMm function in UriQuery.c has an integer overflow due to the use of a long string...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of the GNOME Project G Structured File Library libgsf version v1.14.52. A specially crafted file can lead to an integer overflow when processing the directory from the file, allowing an out-of-bounds ind...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed for an integer overflow in sldnsstr2wirednamebuforigin, resulting in an out-of-bounds write. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...

Astra Linux - уязвимость в firefox, thunderbird, expat

The defineAttribute function in xmlparse.c of Expat also known as libexpat has an integer overflow before version 2.4.3...

Astra Linux - уязвимость в chromium

Integer overflow in Mojo in Google Chrome prior to version 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page...