Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: ALSA: wavefront: Fixed integer overflow in sample size validation The wavefrontsendsample function has a problem with integer overflow when validating sample size. The header-size field is of type u32, but it is cast to int for...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a signed-integer-overflow bug in tcpaddbacklog The types of skrcvbuf and sksndbuf within the struct sock structure are int. In tcpaddbacklog, the limit for the buffer size is calculated by adding skrcvbuf, sksndbuf, an...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: crypto: marvell/octeontx – prevents integer overflows The value of “codelength” comes from the firmware file. If your firmware is untrusted, there’s likely very little you can do to protect yourself. Nevertheless, we still try...

Astra Linux - уязвимость в ffmpeg

An integer overflow vulnerability exists in the function filterrobert in libavfilter/vfconvolution.c in Ffmpeg 4.2.1. Attackers can exploit this vulnerability to cause a Denial of Service or other unspecified impacts...

Astra Linux - уязвимость в gst-plugins-ugly1.0

GStreamer RealMedia File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: um: Fixed potential integer overflow during physmem setup. This issue occurs when the real map size is greater than LONGMAX, and it can be easily triggered on UML/i386...

Astra Linux - уязвимость в poppler, poppler-22

Poppler prior to and including version 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image may lead to a crash or the execution of arbitrary code. This is similar to the vulnerability...

Astra Linux - уязвимость в libavif

In libavif before version 1.3.0, the avifImageRGBToYUV function in reformat.c contains integer overflows during multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...

Astra Linux - уязвимость в qt4-x11

An integer overflow vulnerability exists in qsvghandler.cpp in Qt qtsvg versions 5.15.1, 6.0.0, 6.0.2, and 6.2, allowing local attackers to cause a denial of service DoS attack...

Astra Linux - уязвимость в klibc

A issue was discovered in klibc before version 2.0.9. Multiple potential integer overflows in the cpio command on 32-bit systems could lead to a buffer overflow or other security issues...

Astra Linux - уязвимость в php7.3

In PHP versions 8.1. before 8.1.31, 8.2. before 8.2.26, and 8.3. before 8.3.14, uncontrolled long string inputs to the ldapescape function on 32-bit systems can lead to an integer overflow, resulting in an out-of-bounds write...

Astra Linux - уязвимость в libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write operation in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz causes an...

Astra Linux - уязвимость в poppler, poppler-22

Poppler is a PDF rendering library. Versions before 25.06.0 use std::atomicint for reference counting. Since std::atomicint is only 32 bits in size, it is possible for the reference count to overflow, leading to a use-after-free. Version 25.06.0 addresses this issue...

Astra Linux - уязвимость в redis

Redis is an open-source, in-memory database that persists data on disk. The redis-cli command-line tool and the redis-sentinel service may be vulnerable to integer overflow when parsing specially crafted large multi-bulk network replies. This issue arises due to a vulnerability in the hiredis...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fixed possible integer overflows in nilfsfiemap. Since nilfsbmaplookupcontig in nilfsfiemap calculates its result by handling up to maxblocks == INTMAX blocks, the value stored in n may experience an overflow caused by le...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: tps6594: Fixed integer overflow on 32-bit systems The issue arises from this multiplication in tps6594rtcsetoffset: tmp = offset TICKSPERHOUR; The “tmp” variable is of type s64, but “offset” is of type long -277774, which...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: ima: Fixed a potential integer overflow in imaappraisemeasurement. When ima-modsig is enabled, the rc parameter passed to evmverifyxattr may be negative, which could lead to an integer overflow issue...

Astra Linux - уязвимость в linux-6.1, linux, linux-5.15, linux-5.10

Integer overflow or wrap-up vulnerability in the Linux kernel on Linux, x86, and ARM md, raid, raid5 modules allows for forced integer overflow...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mwifiex: Fixed out-of-bounds access to the skb-data buffer during OOB operations and integer underflow when processing RX packets. Ensure that functions such as mwifiexprocessmgmtpacket, mwifiexprocessstarxpacket,...

Astra Linux - уязвимость в webkit2gtk

A flaw was discovered in WebKitGTK and WPE WebKit. This vulnerability allows for an out-of-bounds read and integer underflow, resulting in a UIProcess crash DoS through a crafted payload sent to the GLib remote inspector server...