CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-3847

Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.0%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

https://security.gentoo.org/glsa/202101-24
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
https://security.gentoo.org/glsa/202101-24
https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530

Products affected by CVE-2018-3847

Nasa » Cfitsio » Version: 3.42

cpe:2.3:a:nasa:cfitsio:3.42

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-3847

Products

Pricing

Contact Us