CVE-2010-1450
HIGH severity · CVSS 7.5 · Buffer overflow
Summary
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 4%
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://bugs.python.org/issue8678
Additional information
- NVD record
- http://bugs.python.org/issue8678 (Patch)
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html (Advisory)
- http://secunia.com/advisories/42888
- http://secunia.com/advisories/43068
- http://secunia.com/advisories/43364
- http://support.apple.com/kb/HT4435 (Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:215