GCVE - cpe:2.3:a:nasa:cfitsio:3.42:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nasa:cfitsio:3.42:*:*:*:*:*:*:*

part: a version: 3.42 update: *

Vendor	Nasa (`53a37713-6109-50d8-8bfa-fbb4eca64abd`)
Product	Cfitsio (`7658cace-56f8-534e-9458-a734d12fabfe`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/cfitsio`	purl2cpe	2026-06-01 10:15:37.618638
`pkg:deb/ubuntu/cfitsio`	purl2cpe	2026-06-01 10:15:37.618639
`pkg:github/bonimy/cfitsio`	purl2cpe	2026-06-01 10:15:37.618641
`pkg:github/healpy/cfitsio`	purl2cpe	2026-06-01 10:15:37.618642
`pkg:github/punzo/cfitsio`	purl2cpe	2026-06-01 10:15:37.618644
`pkg:rpm/fedora/cfitsio`	purl2cpe	2026-06-01 10:15:37.618645
`pkg:rpm/opensuse/cfitsio`	purl2cpe	2026-06-01 10:15:37.618646

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-3847`	vulnerable	2026-06-03 14:38:50.520084	Details available HIGH (8.8) Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library, can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-08-01T19:00:00.000Z Updated: 2024-09-17T01:01:00.787Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-3846`	vulnerable	2026-06-03 14:38:50.518446	Details available HIGH (8.8) In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution. Published: 2018-04-16T15:00:00.000Z Updated: 2024-09-17T02:21:57.506Z Open on db.gcve.eu Reference links https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K46I2MFPCEOGC5LLDXZSWPB3EBPON3KA/ https://security.gentoo.org/glsa/202101-24 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.