SecureThroughObscure writes: "The Core Security Team announced that it had discovered a stack overflow flaw in libs created by NASA. They submitted details to the Full-Disclosure mailing list, but the highlights of this have been posted by Nate McFeters on the ZDNet Zero-Day security blog. From the CORE advisory: *Vulnerability Description* CDF  is a common data format developed by the NASA Goddard Space Flight Center. It is a conceptual data abstraction for storing, manipulating, and accessing multidimensional data sets. The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels. The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. The vulnerability is caused due to the CDF ('src/lib/cdfread64.c') library not properly sanitizing the length tags on a CDF file before using it to copy data on a stack buffer. This can be exploited to get arbitrary code execution by opening a specially crafted file."