Candidate: CVE-2018-3847
PublicDate: 2018-08-01 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3847
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530
Description:
 Multiple exploitable buffer overflow vulnerabilities exist in image parsing
 functionality of the CFITSIO library version 3.42. Specially crafted images
 parsed via the library, can cause a stack-based buffer overflow overwriting
 arbitrary data. An attacker can deliver an FIT image to trigger this
 vulnerability and potentially gain code execution.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_cfitsio:
upstream_cfitsio: needs-triage
precise/esm_cfitsio: DNE
trusty_cfitsio: DNE
trusty/esm_cfitsio: DNE
xenial_cfitsio: ignored (end of standard support, was needed)
bionic_cfitsio: not-affected (3.430-2)
cosmic_cfitsio: ignored (reached end-of-life)
disco_cfitsio: ignored (reached end-of-life)
eoan_cfitsio: ignored (reached end-of-life)
focal_cfitsio: not-affected
groovy_cfitsio: not-affected
hirsute_cfitsio: not-affected
impish_cfitsio: not-affected
jammy_cfitsio: not-affected
devel_cfitsio: not-affected