Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo() method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Reported again by Marc Schoenefeld in the Red Hat bugzilla at 2009-11-26.
Dates:
Disclosure date: 2007-09-16 (full-disclosure email)
Reported by: Slythers Bro (on the full-disclosure mailing list)
Python 2.5.3 (2008-12-19) fixed by commit 4df1b6d (branch 2.5) (2008-08-19)
Python 2.6.0 (2008-10-01) fixed by commit 93ebfb1 (branch 2.6) (2008-08-19)
[CVE-2007-4965] Integer overflow in imageop module.
Python issue: bpo-1179
Creation date: 2007-09-19
Reporter: Ismail Donmez
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
CVE ID: CVE-2007-4965
Published: 2007-09-18
CVSS Score: 5.8
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
CVE ID: CVE-2009-4134
Published: 2010-05-27
CVSS Score: 5.0
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.
CVE ID: CVE-2010-1449
Published: 2010-05-27
CVSS Score: 7.5
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
CVE ID: CVE-2010-1450
Published: 2010-05-27
CVSS Score: 7.5
Timeline using the disclosure date 2007-09-16 as reference:
2007-09-16: Disclosure date (full-disclosure email)
2007-09-18 (+2 days): CVE-2007-4965 published
2007-09-19 (+3 days): Python issue bpo-1179 reported by Ismail Donmez
2008-08-19 (+338 days): commit 4df1b6d (branch 2.5)
2008-08-19 (+338 days): commit 93ebfb1 (branch 2.6)
2008-10-01: Python 2.6.0 released
2008-12-19 (+460 days): Python 2.5.3 released
2010-05-27 (+984 days): CVE-2009-4134 published
2010-05-27 (+984 days): CVE-2010-1449 published
2010-05-27 (+984 days): CVE-2010-1450 published
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4