CVE-2008-2719

Description

Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer overflow.

How to fix CVE-2008-2719

To remediate CVE-2008-2719, upgrade the affected package to a fixed version below.

• Debian/nasm—upgrade to 2.03.01-1 or later

Is CVE-2008-2719 being exploited?

Low — EPSS is 2.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.03.01-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-2719