In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
{
  "ubuntu_priority": "medium",
  "binaries": [
    { "binary_name": "libcfitsio-bin", "binary_version": "3.430-2" },
    { "binary_name": "libcfitsio-bin-dbgsym", "binary_version": "3.430-2" },
    { "binary_name": "libcfitsio-dev", "binary_version": "3.430-2" },
    { "binary_name": "libcfitsio-doc", "binary_version": "3.430-2" },
    { "binary_name": "libcfitsio5", "binary_version": "3.430-2" },
    { "binary_name": "libcfitsio5-dbgsym", "binary_version": "3.430-2" }
  ],
  "availability": "No subscription required"
}