Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: An out-of-bounds access issue in parsesecdesc has been fixed. If osidoffset, gsidoffset, and dacloffset can be greater than smbntsdstruct.size. If they are smaller, it could lead to an out-of-bounds situation. Additionally...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb/server: Fixed a potential null-ptr-deref of leasectxinfo in smb2open. null-ptr-deref will occur when reqoplevel == SMB2OPLOCKLEVELLEASE and parseleasestate returns NULL. The issue was fixed by checking whether leasectxinfo is...

Astra Linux – Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. A OOB-read vulnerability has been identified in the gstwavparsesmplchunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is...

Astra Linux - Vulnerability in gst-plugins-good1.0

GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds read has been detected in the function qtdemuxparsesamples in qtdemux.c. This issue occurs when the function qtdemuxparsesamples reads data beyond the boundaries of the stream-stco buffer. The following...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A memory leak was fixed in the parseleasestate function. The previous patch that added a bounds check for the create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: ASoC: simple-card-utils: Fixed the pointer check in graphutilParseLinkDirectionation. Now, it checks whether the passed pointers are valid before writing to them. This also fixes a USBAN warning: UBSAN: Invalid-load in...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Verify the content returned by parseintarray. The first element of the returned array stores its length. If it is 0, any manipulation beyond the element at index 0 will result in a null-ptr-deref error...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: mcb: fixed a double-free bug in chameleonparsegdd. In chameleonparsegdd, if mcbdeviceregister fails, ‘mdev’ will be released through putdevice in mcbdeviceregister. As a result, the statement “goto ‘err’ label” and the subsequent...

Astra Linux – Vulnerability in libsoup3, libsoup2.4

A flaw was discovered in libsoup, where the soupheadersparserequest function may be vulnerable to an out-of-bound read. This flaw allows a malicious user to use a specially crafted HTTP request to crash the HTTP server...

@0x18b2ee/parse-server (>=3.10.1 <=3.11.0), @514labs/aurora-mcp (>=0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939 <=0.0.64) +408 more potentially affected by CVE-2025-29744 via pg-promise (>=0.9.8 <=11.5.4)

pg-promise NPM version =0.9.8, =3.10.1, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =1.0.0, =1.1.2, =0.0.2, =0.0.3, =0.1.1, =9.3.8, =2.13.15, =2.0.0, =1.1.152, =1.0.1, =1.0.5, =1.0.10 and more Source cves: CVE-2025-29744 Source advisory: OSV:GHSA-FF9H-848C-4XFJ...

SUSE CVE-2025-5898

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has...

SUSE CVE-2025-5899

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...

SUSE CVE-2025-47183

In GStreamer through 1.26.1, the isomp4 plugin's qtdemuxparsetree function may read past the end of a heap buffer while parsing an MP4 file, leading to information disclosure...

CVE-2025-5899

A flaw was found in GNU PSPP's pspp-convert utility. This vulnerability allows memory corruption and unexpected behaviour via local exploitation of improper memory deallocation in the parsevariablesoption function. Mitigation Mitigation for this issue is either not available or the currently...

DEBIAN-CVE-2025-5899

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...

DEBIAN-CVE-2025-5898

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has...

UBUNTU-CVE-2025-5898

A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has...

UBUNTU-CVE-2025-5899

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...

CVE-2025-5899 GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...

CVE-2025-5899

A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parsevariablesoption of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached...