PT-2018-16241 · Nasa · Cfitsio
Published: 2018-08-01 · Updated: 2022-11-29
CVE-2018-3847
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
CFITSIO library version 3.42
Description
Multiple exploitable buffer overflow vulnerabilities exist in the image parsing functionality. Specially crafted images parsed via the library can cause a stack-based buffer overflow, overwriting arbitrary data. An attacker can deliver an FIT image to trigger this issue and potentially gain code execution.
Recommendations
For CFITSIO library version 3.42, consider avoiding the use of the image parsing functionality until a patch is available. As a temporary workaround, restrict the delivery of FIT images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
Exploit
Fix
Memory Corruption
Affected Products
Cfitsio