cpe:2.3:a:nasa:cfitsio:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Nasa (53a37713-6109-50d8-8bfa-fbb4eca64abd) |
|---|---|
| Product | Cfitsio (7658cace-56f8-534e-9458-a734d12fabfe) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:deb/debian/cfitsio | purl2cpe | 2026-06-01 10:15:37.617749 |
| pkg:deb/ubuntu/cfitsio | purl2cpe | 2026-06-01 10:15:37.617752 |
| pkg:github/bonimy/cfitsio | purl2cpe | 2026-06-01 10:15:37.617755 |
| pkg:github/healpy/cfitsio | purl2cpe | 2026-06-01 10:15:37.617758 |
| pkg:github/punzo/cfitsio | purl2cpe | 2026-06-01 10:15:37.617761 |
| pkg:rpm/fedora/cfitsio | purl2cpe | 2026-06-01 10:15:37.617763 |
| pkg:rpm/opensuse/cfitsio | purl2cpe | 2026-06-01 10:15:37.617766 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2019-1010060 | vulnerable | 2026-06-03 14:39:20.832672 | NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character. Published: 2019-07-16T12:16:38.000Z. Updated: 2024-08-05T03:07:18.244Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-3849 | vulnerable | 2026-06-03 14:38:50.520960 | HIGH (8.8). In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z. Updated: 2024-09-17T01:32:06.589Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-3848 | vulnerable | 2026-06-03 14:38:50.520562 | HIGH (8.8). In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z. Updated: 2024-09-17T01:17:05.927Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2018-3847 | vulnerable | 2026-06-03 14:38:50.520037 | HIGH (8.8). Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-08-01T19:00:00.000Z. Updated: 2024-09-17T01:01:00.787Z | Imported from gcve-enriched-dumps CVE data |