Candidate: CVE-2018-3849
PublicDate: 2018-04-16 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3849
 https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
Description:
 In the ffghtb function in NASA CFITSIO 3.42, specially crafted images
 parsed via the library can cause a stack-based buffer overflow overwriting
 arbitrary data. An attacker can deliver an FIT image to trigger this
 vulnerability and potentially gain code execution.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892458
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_cfitsio:
upstream_cfitsio: released (3.430-1)
precise/esm_cfitsio: DNE
trusty_cfitsio: DNE
trusty/esm_cfitsio: DNE
xenial_cfitsio: ignored (end of standard support, was needed)
artful_cfitsio: ignored (reached end-of-life)
bionic_cfitsio: not-affected (3.430-2)
cosmic_cfitsio: not-affected (3.430-2)
disco_cfitsio: not-affected (3.430-2)
eoan_cfitsio: not-affected (3.430-2)
focal_cfitsio: not-affected (3.430-2)
groovy_cfitsio: not-affected (3.430-2)
hirsute_cfitsio: not-affected (3.430-2)
impish_cfitsio: not-affected (3.430-2)
jammy_cfitsio: not-affected (3.430-2)
devel_cfitsio: not-affected (3.430-2)