Stack-based Buffer Overflow in NASA CFITSIO 3.42: Arbitrary Code Execution via Crafted FIT Images

Stack-based Buffer Overflow in NASA CFITSIO 3.42: Arbitrary Code Execution via Crafted FIT Images

CVE-2018-3846 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Learn more about our Web Application Penetration Testing UK.