September 24, 2020
While fuzzing a NITF Extract utility
extract75 utility published by the US Air Force Sensor Data Management System, we found a global buffer overflow that leads to a write-what-where condition. This flaw has been assigned CVE-2020-13995 and is disclosed in this blog post.
See our Coordinated Vulnerability Disclosure process for more information on how we go about disclosing vulnerabilities we find.