Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: mwifiex: Fixed out-of-bounds access to the skb-data buffer during OOB operations and integer underflow when processing RX packets. Ensure that functions such as mwifiexprocessmgmtpacket, mwifiexprocessstarxpacket,...

Astra Linux - уязвимость в poppler, poppler-22

Poppler is a PDF rendering library. Versions before 25.06.0 use std::atomicint for reference counting. Since std::atomicint is only 32 bits in size, it is possible for the reference count to overflow, leading to a use-after-free. Version 25.06.0 addresses this issue...

Astra Linux - уязвимость в libstb

STBVorbis is a single-file library licensed under MIT that processes OGG Vorbis files. A maliciously crafted file may trigger an out-of-bounds write operation in f-vendori = get8packetf;. The root cause is an integer overflow in setupmalloc. A sufficiently large value in the variable sz causes an...

Astra Linux - уязвимость в webkit2gtk

A flaw was discovered in WebKitGTK and WPE WebKit. This vulnerability allows for an out-of-bounds read and integer underflow, resulting in a UIProcess crash DoS through a crafted payload sent to the GLib remote inspector server...

Astra Linux - уязвимость в firefox, thunderbird, expat

The buildmodel function in xmlparse.c within ExPat also known as libexpat has an integer overflow issue before version 2.4.3...

Astra Linux - уязвимость в tiff

A vulnerability was discovered in libtiff due to multiple potential integer overflows in the raw2tiff.c file. This flaw allows remote attackers to cause a denial of service or potentially execute arbitrary code through a crafted TIF image, triggering a heap-based buffer overflow...

Astra Linux - уязвимость в gst-plugins-bad1.0

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability, but the attack vectors may vary...

Astra Linux - уязвимость в nasm

There is an illegal address access in asm/preproc.c function: ismmacro within Netwide Assembler NASM 2.14rc16. This issue may lead to a denial of service due to out-of-bounds array access, as a certain conversion can result in a negative integer...

Astra Linux - уязвимость в binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in the GNU Binutils through version 2.31. There is an integer overflow and an infinite loop caused by the ISCONTAINEDBYLMA macro in elf.c...

Astra Linux - уязвимость в gimp

GIMP PNM File Parsing: Integer Overflow and Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability, as the target must visit a malicious page or open a...

Astra Linux - уязвимость в unbound

Before version 1.9.5, Unbound allowed an integer overflow in the regional allocator through the ALIGNUP macro. NOTE: The vendor denies that this is a vulnerability. Although the code may be vulnerable, an ongoing Unbound installation cannot be remotely or locally exploited...

Astra Linux - уязвимость в libavif

In libavif before version 1.3.0, the makeRoom function in stream.c has an integer overflow, resulting in a buffer overflow at stream-offset+size...

Astra Linux - уязвимость в linux-5.10, linux, linux-5.15, linux-6.1

An integer overflow flaw was discovered in the Linux kernel. This issue causes the kernel to allocate skbsharedinfo in the user space, which can be exploited in systems without SMAP protection, as skbsharedinfo contains references to function pointers...

Astra Linux - уязвимость в binutils

The getcount function in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.31, allows remote attackers to cause a denial of service malloc calls with an integer overflow result or potentially have unspecified other impacts through a crafted string, as demonstrated by c++filt...

Astra Linux - уязвимость в xwayland, xorg-server

A flaw was discovered in the Big Requests extension. The length of the request is multiplied by 4 before checking against the maximum allowed size, which may lead to an integer overflow and bypassing the size check...

Astra Linux - уязвимость в redis

Redis is an in-memory database that persists data on disk. Redis improperly handles the resizing of memory buffers, which can lead to integer overflow, resulting in heap overflow and potential remote code execution. This issue has been fixed in versions 7.0.15 and 7.2.4...

Astra Linux - уязвимость в linux-6.1

In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Do not cause overflow in the peek function. When we started assigning new inode numbers to most of the 64-bit inode space, it triggered some edge-case bugs, particularly some integer overflows related to...

Astra Linux - уязвимость в freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The affected versions are subject to an IntegerOverflow issue, which leads to an Out-of-Bound Write Vulnerability in the gdiCreateSurface function. This issue only affects FreeRDP-based clients...

Astra Linux - уязвимость в libgsf

There is an integer overflow vulnerability in the Compound Document Binary File format parser of v1.14.52 in the GNOME Project’s G Structured File Library libgsf. A specially crafted file can lead to an integer overflow, allowing for a heap-based buffer overflow when processing the sector...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fixed an out-of-bounds access in parseintegerlimit. When configuring osnoisecpus using the write system call, the following KASAN exception may occur: BUG: KASAN: Out-of-bounds access in...