Common Data Format (CDF) Version 3.2 and earlier Buffer Overflow Vulnerability

The libraries for the scientific data file format, Common Data Format (CDF) version 3.2 and earlier, have the potential for a buffer overflow vulnerability when reading specially-crafted (invalid) CDF files. If successful, this could trigger execution of arbitrary code within the context of the CDF-reading program that could be exploited to compromise a system, or otherwise crash the program.

While it's unlikely that you would open CDFs from untrusted sources, we recommend everyone upgrade to the latest CDF libraries on their systems, including the IDL and Matlab plugins. Most worrisome is any service that enables the general public to submit CDF files for processing.

The vulnerability lies in CDF library routines that do not properly check the length tags on a CDF file before copying data to a stack buffer. Exploitation requires the user to explicitly open a specially-crafted file.

CDF 3.2.1 addresses this vulnerability and introduces further usability fixes. CDF users should not open files from untrusted third parties until the patch is applied (and should continue to exercise normal caution with files from untrusted third parties afterwards). Updates for Perl, IDL, Matlab and Java WebStart are also available. Java WebStart applications that refer to, will automatically be updated to include this fix the next time the application is started while connected to the Internet.
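The advisory attributes the flaw to length tags that are not checked before data is copied to a stack buffer. The following is an added example, not code from the CDF library, showing the validation a reader needs before such a copy; the record layout (4-byte big-endian length tag plus payload), `FIELD_CAP`, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIELD_CAP 64 /* hypothetical destination size, not taken from the CDF format */

enum { FIELD_OK = 0, FIELD_TRUNCATED = -1, FIELD_TOO_LONG = -2 };

/* Assumed layout: 4-byte big-endian length tag followed by that many payload bytes. */
int read_tagged_field(const uint8_t *rec, size_t rec_len, char *out, size_t out_cap)
{
    if (rec_len < 4)                      /* not even a complete length tag */
        return FIELD_TRUNCATED;
    uint32_t tag = ((uint32_t)rec[0] << 24) | ((uint32_t)rec[1] << 16) |
                   ((uint32_t)rec[2] << 8) | (uint32_t)rec[3];
    /* The flawed pattern would be memcpy(out, rec + 4, tag) right here: the
       file, not the program, would then decide how many bytes hit the stack. */
    if (tag > rec_len - 4)                /* tag claims more bytes than the file holds */
        return FIELD_TRUNCATED;
    if (out_cap == 0 || tag > out_cap - 1) /* tag exceeds destination (1 byte kept for NUL) */
        return FIELD_TOO_LONG;
    memcpy(out, rec + 4, tag);
    out[tag] = '\0';
    return FIELD_OK;
}

/* Caller that owns the fixed-size stack buffer, as a file reader would. */
int parse_record(const uint8_t *rec, size_t rec_len)
{
    char name[FIELD_CAP];
    return read_tagged_field(rec, rec_len, name, sizeof name);
}

/* Constructed sample records (not real CDF data). */
static const uint8_t rec_valid[] = { 0, 0, 0, 5, 'E', 'p', 'o', 'c', 'h' };
static const uint8_t rec_lying[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'A', 'B' };
static const uint8_t rec_big[4 + 100] = { 0, 0, 0, 100 }; /* honest tag, too big for buffer */

int main(void)
{
    printf("valid=%d lying=%d big=%d\n",
           parse_record(rec_valid, sizeof rec_valid),
           parse_record(rec_lying, sizeof rec_lying),
           parse_record(rec_big, sizeof rec_big));
    return 0;
}
```

Both checks are needed: the first rejects a tag that lies about how much data the file contains, the second rejects a tag that is truthful but larger than the destination buffer.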