CVE-2018-3848

Summary

In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Affected Software

VendorProductVersion RangeStatus
TalosNASA CFITSIONASA CFITSIO 3.42affected

Weaknesses

  • Stack-based buffer overflow

ADP Enrichment

CVE Program Container

Additional References

References