FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-19 19:12:13 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c4f31e16-6e33-11dd-8eb7-0011098ad87f	cdf3 -- Buffer overflow vulnerability NASA Goddard Space Flight Center reports: The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted (invalid) CDF files. If successful, this could trigger execution of arbitrary code within the context of the CDF-reading program that could be exploited to compromise a system, or otherwise crash the program. While it's unlikely that you would open CDFs from untrusted sources, we recommend everyone upgrade to the latest CDF libraries on their systems, including the IDL and Matlab plugins. Most worrisome is any service that enables the general public to submit CDF files for processing. The vulnerability is in the CDF library routines not properly checking the length tags on a CDF file before copying data to a stack buffer. Exploitation requires the user to explicitly open a specially-crafted file. CDF users should not open files from untrusted third parties until the patch is applied (and continue then to exercise normal caution for files from untrusted third parties). Discovery 2008-05-15 Entry 2008-08-19 Modified 2010-05-12 cdf3 < 3.2.1 CVE-2008-2080 http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html

VuXML ID

Description

c4f31e16-6e33-11dd-8eb7-0011098ad87f

cdf3 -- Buffer overflow vulnerability

NASA Goddard Space Flight Center reports:

The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted (invalid) CDF files. If successful, this could trigger execution of arbitrary code within the context of the CDF-reading program that could be exploited to compromise a system, or otherwise crash the program. While it's unlikely that you would open CDFs from untrusted sources, we recommend everyone upgrade to the latest CDF libraries on their systems, including the IDL and Matlab plugins. Most worrisome is any service that enables the general public to submit CDF files for processing.

The vulnerability is in the CDF library routines not properly checking the length tags on a CDF file before copying data to a stack buffer. Exploitation requires the user to explicitly open a specially-crafted file. CDF users should not open files from untrusted third parties until the patch is applied (and continue then to exercise normal caution for files from untrusted third parties).

Discovery 2008-05-15
Entry 2008-08-19
Modified 2010-05-12
cdf3

< 3.2.1

CVE-2008-2080
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html