CVE-2008-2080
NASA Goddard Space Flight Center Common Data Format < 3.2.1 - Stack-Based Buffer Overflow via Crafted Length Tags
Title source: llmDescription
Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.
References (9)
Core 9
Core References
Various Sources x_refsource_confirm
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html
Exploit, Patch x_refsource_misc
http://www.coresecurity.com/?action=item&id=2260
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42219
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1440/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019965
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200805-14.xml
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29045
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30053
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30169
Scores
EPSS
0.0387
EPSS Percentile
89.0%
Details
CWE
CWE-119
Status
published
Products (11)
nasa_goddard_space_flight_center/common_data_format
2.0
nasa_goddard_space_flight_center/common_data_format
2.1
nasa_goddard_space_flight_center/common_data_format
2.2
nasa_goddard_space_flight_center/common_data_format
2.3
nasa_goddard_space_flight_center/common_data_format
2.4
nasa_goddard_space_flight_center/common_data_format
2.5
nasa_goddard_space_flight_center/common_data_format
2.6
nasa_goddard_space_flight_center/common_data_format
2.7
nasa_goddard_space_flight_center/common_data_format
3.0
nasa_goddard_space_flight_center/common_data_format
3.1
... and 1 more
Published
May 06, 2008
Tracked Since
Feb 18, 2026