| May 05, 2008 |
Common Data Format Buffer Overflow Vulnerability NASA has issued an advisory regarding a vulnerability in Common Data Format (CDF) version 3.2 and earlier. This vulnerability is due to a buffer overflow condition in the handling of specially-crafted CDF files. Exploitation of this vulnerability may allow an attacker to execute arbitrary code. US-CERT encourages users to review the NASA advisory and update to CDF 3.2.1 to help mitigate the risk. US-CERT will provide additional information as it becomes available. |