CVE-2008-4864

2008-11-01 01:00:01 2018-10-11 22:53:01

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Vector

NETWORK

Complexity

LOW

Authentication

NONE

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Python software foundation Python 2.5.1 (not an official CPE) Python software foundation Python 2.5 (not an official CPE) Python software foundation Python 2.4.4 (not an official CPE) Python software foundation Python 2.4.3 (not an official CPE) Python software foundation Python 2.4.2 (not an official CPE) Python software foundation Python 2.4.1 (not an official CPE) Python software foundation Python 2.4 (not an official CPE) Python software foundation Python 2.3.6 (not an official CPE) Python software foundation Python 2.3.5 (not an official CPE) Python software foundation Python 2.3.4 (not an official CPE) Python software foundation Python 2.3.3 (not an official CPE) Python software foundation Python 2.3.2 (not an official CPE) Python software foundation Python 2.3.1 (not an official CPE) Python software foundation Python 2.3 (not an official CPE) Python software foundation Python 2.2.3 (not an official CPE) Python software foundation Python 2.2.2 (not an official CPE) Python software foundation Python 2.2.1 (not an official CPE) Python software foundation Python 2.2 (not an official CPE) Python software foundation Python 2.1.3 (not an official CPE) Python software foundation Python 2.1.2 (not an official CPE) Python software foundation Python 2.1.1 (not an official CPE) Python software foundation Python 2.1 (not an official CPE) Python software foundation Python 2.0.1 (not an official CPE) Python software foundation Python 2.0 (not an official CPE) Python software foundation Python 1.6.1 (not an official CPE) Python software foundation Python 1.6 (not an official CPE) Python software foundation Python 1.5.2 (not an official CPE)

Python software foundation - Python

Advisory	Patch	Confirmed	Link
			python-image-module-bo(46606)
			ADV-2009-3316
			http://www.vmware.com/security/advisories/VMSA-2009-0016...
			31976
			31932
			20091120 VMSA-2009-0016 VMware vCenter and ESX update re...
			[oss-security] 20081029 CVE Request - Python imageop
			http://svn.python.org/view/python/trunk/Modules/imageop....
			http://svn.python.org/view?rev=66689&view=rev
			[oss-security] 20081027 CVE request -- Python imageop#3
			http://support.apple.com/kb/HT3438
			http://scary.beasts.org/security/CESA-2008-008.html
			APPLE-SA-2009-02-12

Numeric Errors (ID 189)

Related CVE(s) 2 CVE-2007-4965 CVSS 5.8 CVE-2008-1679 CVSS 6.8