CVE-2018-3849

Name: CVE-2018-3849

Description: In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

NVD Severity: high

References

| Type | URI |
| --- | --- |
| Exploit | https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531 |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/ |
| Third Party Advisory | https://security.gentoo.org/glsa/202101-24 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:nasa:cfitsio:*:*:*:*:*:*:*:* | cfitsio | >= None | < 3.490 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |
| cfitsio | 3.14-community | 3.49-r1 | Holger Jaekel <holger.jaekel@gmx.de> | possibly vulnerable |