{"id":"AZL-43912","summary":"CVE-2019-1010060 affecting package cfitsio 4.0.0-5","details":"NASA CFITSIO prior to 3.43 is affected by: Buffer Overflow. The impact is: arbitrary code execution. The component is: over 40 source code files were changed. The attack vector is: remote unauthenticated attacker. The fixed version is: 3.43. NOTE: this CVE refers to the issues not covered by CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, and CVE-2018-3849. One example is ftp_status in drvrnet.c mishandling a long string beginning with a '4' character.","modified":"2026-04-21T04:31:12.897907Z","published":"2019-07-16T13:15:11Z","upstream":["CVE-2019-1010060"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1010060"}],"affected":[{"package":{"name":"cfitsio","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/cfitsio"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"4.0.0-5"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-43912.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}