U.S. Air Force · Extract75 · CVE-2020-13995
**Name of the Vulnerable Software and Affected Versions**
U.S. Air Force Sensor Data Management System extract75 (affected versions not specified)
**Description**
The issue is related to a buffer overflow in the U.S. Air Force Sensor Data Management System extract75, which can lead to code execution. This occurs due to an overflow in a global variable `sBuffer`, resulting in a Write-What-Where outcome. The overflow can clobber most global variables until it reaches a pointer, such as `DES info` or `image info`. By controlling this pointer, an attacker can achieve an arbitrary write when its fields are assigned, using data from a potentially untrusted NITF file. This allows the attacker to gain control of the instruction pointer.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.