CVE-2008-4864

 

Published at: - 01-11-2008 01:00

Last modified: - 05-07-2022 08:48

Total changes: - 2

Description

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:P/A:P

 

Verification logic

 

Reference

• 31976-Exploit, Third Party Advisory, VDB Entry
• http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c
• [oss-security] 20081029 CVE Request - Python imageop-Mailing List, Third Party Advisory
• http://scary.beasts.org/security/CESA-2008-008.html
• http://svn.python.org/view?rev=66689&view=rev
• [oss-security] 20081027 CVE request -- Python imageop#3-Mailing List, Third Party Advisory
• APPLE-SA-2009-02-12-Mailing List, Third Party Advisory
• 33937-Not Applicable
• 31932-Third Party Advisory, VDB Entry
• http://support.apple.com/kb/HT3438
• ADV-2009-3316-Permissions Required
• 37471-Not Applicable
• http://www.vmware.com/security/advisories/VMSA-2009-0016.html
• python-image-module-bo(46606)-Third Party Advisory, VDB Entry
• oval:org.mitre.oval:def:8354-Broken Link
• oval:org.mitre.oval:def:10702-Third Party Advisory
• 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components-Third Party Advisory, VDB Entry

 

Keywords

NVD

 

CVE-2008-4864

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures