CVE-2008-1679
MEDIUM severity · CVSS 6.8 · Integer overflow
6.8CVSS MEDIUM
Summary
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)4%
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://secunia.com/advisories/29889 ↗
Additional information
- NVD record
- http://secunia.com/advisories/29889Patch
- http://bugs.python.org/issue1179Advisory
- http://bugs.python.org/msg64682Advisory
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.htmlAdvisory
- http://secunia.com/advisories/29955
- http://secunia.com/advisories/30872
- http://secunia.com/advisories/31255