238 matches found
GLSA-200908-06 : CDF: User-assisted execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200908-06 CDF: User-assisted execution of arbitrary code Leon Juranic reported multiple heap-based buffer overflows for instance in the ReadAEDRList64, SearchForRecordr64, LastRecord64, and CDFsel64 functions. Impact : A remote...
Buffer overflow
Multiple buffer overflows in NASA Common Data Format CDF allow context-dependent attackers to execute arbitrary code, as demonstrated using 1 an array index error in the ReadAEDRList64 function, and other errors in the 2 SearchForRecordr64, 3 LastRecord64, 4 CDFsel64, and other unspecified...
CVE-2009-2850
CVE-2009-2850 relates to multiple heap/buffer overflows in NASA’s Common Data Format (CDF) library. The vulnerabilities are triggered by issues in functions such as ReadAEDRList64, SearchForRecord_r_64, LastRecord64, and CDFsel64, allowing context-dependent attackers to potentially execute arbitr...
[INFIGO-2009-07-09]: NASA Common Data Format remote buffer overflow(s)
=================================================================== 'Celebrating 40 years of Apollo and 20 years of buffer overflows' =================================================================== INFIGO IS Security Advisory ADV-2009-07-09 http://www.infigo.hr/en/ Title: NASA Common Data...
NASA CDF library multiple security vulnerabilities
Memory corruptions in ReadAEDRList64, SearchForRecordr64, LastRecord64, CDFsel64 functions...
CVE-2009-1515
Heap-based buffer overflow in the cdfreadsat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third...
FreeBSD : cdf3 -- Buffer overflow vulnerability (c4f31e16-6e33-11dd-8eb7-0011098ad87f)
NASA Goddard Space Flight Center reports : The libraries for the scientific data file format, Common Data Format CDF version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially crafted invalid CDF files. If successful, this could trigger execution of...
cdf3 -- Buffer overflow vulnerability
NASA Goddard Space Flight Center reports: The libraries for the scientific data file format, Common Data Format CDF version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted invalid CDF files. If successful, this could trigger execution of...
[ GLSA 200805-14 ] Common Data Format library: User-assisted execution of arbitrary code
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
CDF库src/lib/cdfread64.c文件栈溢出漏洞
BUGTRAQ ID: 29045 CVECAN ID: CVE-2008-2080 通用数据格式(CDF)是由NASA戈达德航天飞行中心开发的用于存储和操控标量和多维数据的数据格式。 CDF库在打开无效的CDF输入文件时存在栈溢出漏洞,允许攻击者在使用该库的应用程序环境中执行任意指令或导致整个应用程序崩溃。 漏洞存在于src/lib/cdfread64.c文件的以下代码中。Read32s64函数将数据从文件读取到缓冲区,temp缓冲区大小为MAXREAD32s,但没有检查count参数,因此大于MAXREAD32s的参数可能会触发栈溢出。 /----------- 57...
Stack overflow
Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...
CVE-2008-2080
Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...
CVE-2008-2080
The CVE-2008-2080 issue affects the NASA Goddard Space Flight Center Common Data Format (CDF) library up to version 3.2.0, where a stack-based buffer overflow in Read32s_64 (src/lib/cdfread64.c) can be triggered by specially crafted CDF files with invalid length tags. The underlying cause is impr...
CVE-2008-2080
Stack-based buffer overflow in the Read32s64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format CDF library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags...
NASA's Common Data Format Buffer Overflow
Advisory ID Internal CORE-2008-0326 Advisory Information: Advisory ID: CORE-2008-0326 Advisory URL:https://www.coresecurity.com/?action=item&id=2260 Date published: 2008-05-05 Date of last update: 2008-05-05 Vendors contacted: GODDARD Space Flight Center Release mode: Coordinated release...
Core Security Technologies Advisory 2008.0326
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ NASA's Common Data Format buffer overflow Advisory Information Title: NASA's Common Data Format buffer overflow Advisory ID: CORE-2008-0326 Advisory URL:...
CVE-2005-0056
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format CDF files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format CDF Cross Domain Vulnerability."...
CVE-2005-0056
CVE-2005-0056 affects Internet Explorer (Windows 2000/XP/Server 2003) via a cross-domain vulnerability in Channel Definition Format (CDF) file URL validation. A malicious web page could trigger information disclosure or remote code execution by exploiting the IE cross-domain security model, poten...