CVE-2018-3846

Name of the Vulnerable Software and Affected Versions NASA CFITSIO version 3.42

Description The issue arises from specially crafted images parsed via the library, which can cause a stack-based buffer overflow, overwriting arbitrary data. This can be triggered by delivering an FIT image, potentially allowing an attacker to gain code execution. The ffgphd and ffgtkn functions are specifically affected.

Recommendations For NASA CFITSIO version 3.42, consider disabling the ffgphd and ffgtkn functions as a temporary workaround until a patch is available. Restrict access to parsing FIT images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.