CVE-2008-1391

2008-03-27T17:44:00
ID CVE-2008-1391
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:33:00

Description

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.