VYPR
Unrated severity · NVD Advisory · Published Mar 27, 2008 · Updated Jun 16, 2026

CVE-2008-1391

Description

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

Affected products

12
  • FreeBSD/FreeBSD (8 versions)
    • cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
    • cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
  • cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
    Range: unknown
  • NetBSD/libc (llm-fuzzy)
    Range: 4.x
  • FreeBSD/libc (llm-fuzzy)
    Range: 6.x and 7.x
