CVE-2018-3846
Gentoo Linux Security Advisory 202101-24
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
En las funciones ffgphd y ffgtkn en NASA CFITSIO 3.42, las imágenes especialmente manipuladas analizadas mediante la biblioteca pueden provocar un desbordamiento de búfer basado en pila que sobrescriba datos arbitrarios. Un atacante puede enviar una imagen FIT para desencadenar esta vulnerabilidad y una ejecución de código.
Multiple vulnerabilities have been found in cfitsio, the worst of which could result in the arbitrary execution of code. Versions less than 3.490 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2018-04-16 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 First Exploit
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529 | 2024-09-17 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nasa Search vendor "Nasa" | Cfitsio Search vendor "Nasa" for product "Cfitsio" | 3.42 Search vendor "Nasa" for product "Cfitsio" and version "3.42" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 28 Search vendor "Fedoraproject" for product "Fedora" and version "28" | - |
Affected
| ||||||