PT-2018-16242 · Nasa+1 · Cfitsio+1

Published: 2018-04-16 · Updated: 2025-01-17 · CVE-2018-3848

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: NASA CFITSIO version 3.42

Description: The issue is related to a stack-based buffer overflow in the ffghbn function when parsing specially crafted images via the library. This can lead to overwriting arbitrary data, potentially allowing an attacker to gain code execution by delivering a crafted FIT image.

Recommendations: For NASA CFITSIO version 3.42, consider disabling the ffghbn function until a patch is available to prevent potential exploitation. Restrict access to parsing untrusted FIT images to minimize the risk of triggering this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1861
ALT-PU-2021-1918
ALT-PU-2025-1394
CVE-2018-3848
MGASA-2019-0133
OESA-2022-1533
OESA-2022-1848

Affected Products

Alt Linux
Cfitsio