First published: Mon Apr 16 2018
In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
NASA CFITSIO | <3.490 | |
Fedoraproject Fedora | =28 | |
CVE-2018-3848 is a vulnerability in NASA CFITSIO 3.42 that allows specially crafted images to cause a stack-based buffer overflow, potentially leading to code execution.
The ffghbn function in NASA CFITSIO 3.42 can trigger CVE-2018-3848 by parsing specially crafted images, which can cause a stack-based buffer overflow and overwrite arbitrary data.
CVE-2018-3848 has a severity rating of 8.8 (high).
Versions up to and excluding 3.490 of NASA CFITSIO and Fedora 28 are affected by CVE-2018-3848.
An attacker can exploit CVE-2018-3848 by delivering a specially crafted FIT image, which triggers the vulnerability and potentially allows for code execution.