CVE-2018-3849

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NASA CFITSIO version 3.42

Description The issue is related to a stack-based buffer overflow in the ffghtb function. This can be triggered by specially crafted images parsed via the library, potentially allowing an attacker to overwrite arbitrary data and gain code execution. An attacker can deliver an FIT image to exploit this issue.

Recommendations For NASA CFITSIO version 3.42, consider updating to a newer version that contains a fix for this issue, as using specially crafted images can lead to a stack-based buffer overflow. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-1861

ALT-PU-2021-1918

ALT-PU-2025-1394

CVE-2018-3849

MGASA-2019-0133

OESA-2022-1533

OESA-2022-1848

Affected Products

Alt Linux

Cfitsio

CVE-2018-3849

Weakness Enumeration

Related Identifiers

Affected Products

References · 22