CVE-2008-2080

NASA Goddard Space Flight Center Common Data Format < 3.2.1 - Stack-Based Buffer Overflow via Crafted Length Tags

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.

References (9)

Core 9
Core References
Various Sources x_refsource_confirm
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html
Exploit, Patch x_refsource_misc
http://www.coresecurity.com/?action=item&id=2260
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42219
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1440/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1019965
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200805-14.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29045
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30053
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30169

Scores

EPSS 0.0387
EPSS Percentile 89.0%

Details

CWE
CWE-119
Status published
Products (11)
nasa_goddard_space_flight_center/common_data_format 2.0
nasa_goddard_space_flight_center/common_data_format 2.1
nasa_goddard_space_flight_center/common_data_format 2.2
nasa_goddard_space_flight_center/common_data_format 2.3
nasa_goddard_space_flight_center/common_data_format 2.4
nasa_goddard_space_flight_center/common_data_format 2.5
nasa_goddard_space_flight_center/common_data_format 2.6
nasa_goddard_space_flight_center/common_data_format 2.7
nasa_goddard_space_flight_center/common_data_format 3.0
nasa_goddard_space_flight_center/common_data_format 3.1
... and 1 more
Published May 06, 2008
Tracked Since Feb 18, 2026