diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b24c0240ebd7..a609c9473199 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,48 @@ Note: Please add new entries to the beginning of this file. --> + + cdf3 -- Buffer overflow vulnerability + + + cdf3 + 3.2.1 + + + + +

NASA Goddard Space Flight Center reports:

+
+

The libraries for the scientific data file format, Common Data + Format (CDF) version 3.2 and earlier, have the potential for a + buffer overflow vulnerability when reading specially-crafted + (invalid) CDF files. If successful, this could trigger execution + of arbitrary code within the context of the CDF-reading program + that could be exploited to compromise a system, or otherwise + crash the program. While it's unlikely that you would open CDFs + from untrusted sources, we recommend everyone upgrade to the + latest CDF libraries on their systems, including the IDL and + Matlab plugins. Most worrisome is any service that enables the + general public to submit CDF files for processing.

+

The vulnerability is in the CDF library routines not properly + checking the length tags on a CDF file before copying data to a + stack buffer. Exploitation requires the user to explicitly open + a specially-crafted file. CDF users should not open files from + untrusted third parties until the patch is applied (and continue + then to exercise normal caution for files from untrusted third + parties).

+
+ + + + http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html + + + 2008-05-15 + 2008-08-19 + + + drupal -- multiple vulnerabilities