CFITSIO through version 3.42 has a stack-based buffer overflow vulnerability in the ffghbn() function that can potentially allow an attacker to execute code via a crafted FITS image file.
Created cfitsio tracking bugs for this issue:
Affects: fedora-all [bug 1568184]
Affects: epel-all [bug 1568181]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):