GCVE - cpe:2.3:a:talos:nasa_cfitsio:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:talos:nasa_cfitsio:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Talos (`e7c02545-e938-5775-90a6-6bebb73bfb47`)
Product	Nasa Cfitsio (`a68752f3-3055-5cb2-b309-f63a35e19ced`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-3849`	vulnerable	2026-06-03 14:38:50.520924	Details available HIGH (8.8) In the ffghtb function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z Updated: 2024-09-17T01:32:06.589Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/ https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-3848`	vulnerable	2026-06-03 14:38:50.520526	Details available HIGH (8.8) In the ffghbn function in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z Updated: 2024-09-17T01:17:05.927Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/ https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-3846`	vulnerable	2026-06-03 14:38:50.517872	Details available HIGH (8.8) In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z Updated: 2024-09-17T02:21:57.506Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/ https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.