CVE-2018-3847
Description
Multiple exploitable buffer overflow vulnerabilities exist in image parsing functionality of the CFITSIO library version 3.42. Specially crafted images parsed via the library can cause a stack-based buffer overflow overwriting arbitrary data. An attacker can deliver an FIT image to trigger this vulnerability and potentially gain code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Stack-based buffer overflow in CFITSIO 3.42 allows arbitrary code execution via crafted FITS image.
Vulnerability
CFITSIO library version 3.42 contains multiple stack-based buffer overflow vulnerabilities in the ffgkyn function, which reads a key-value pair from a FITS image. The overflow occurs when an illegal character is encountered in the FITS card [1].
Exploitation
An attacker can exploit this vulnerability by delivering a specially crafted FITS image to a user or application using CFITSIO to parse the image. No authentication is required, but user interaction is needed (e.g., opening the file) [1].
Impact
Successful exploitation can lead to arbitrary code execution with the privileges of the user running the vulnerable software. This could result in full compromise of confidentiality, integrity, and availability. The CVSS score is 8.8 [1].
Mitigation
The vulnerability is fixed in CFITSIO version 3.490 and later [2]. Users should upgrade to at least 3.490. According to the Gentoo GLSA, no workaround is available [2].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =3.42
- NASA/CFITSIO (v5), Range: 3.42
Patches
No patches discovered yet.
References
- [1] www.talosintelligence.com/vulnerability_reports/TALOS-2018-0530 (mitre, x_refsource_MISC)
- [2] security.gentoo.org/glsa/202101-24 (mitre, vendor-advisory, x_refsource_GENTOO)