cve

CVE-2020-13995: Details on a Vulnerability in a NITF Parser

While fuzzing a NITF Extract utility extract75 utility published by the US Air Force Sensor Data Management System, we found a global buffer overflow that leads to a write-what-where condition. This flaw has been assigned CVE-2020-13995 and is disclosed in this blog post.

See our Coordinated Vulnerability Disclosure process for more information on how we go about disclosing vulnerabilities we find.

Continue reading