CVE-2008-4864

Published: 01/11/2008 Updated: 05/07/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 up to and including 2.5.1 allow context-dependent malicious users to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Vulnerable Product

python python

Vendor Advisories

It was discovered that Python incorrectly handled certain arguments in the imageop module. If an attacker were able to pass specially crafted arguments through the crop function, they could execute arbitrary code with user privileges. For Python 2.5, this issue only affected Ubuntu 8.04 LTS. (CVE-2008-4864) ...

Synopsis: Moderate: python security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Des ...

Synopsis: Moderate: python security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Des ...

Synopsis: Moderate: python security update. Type/Severity: Security Advisory: Moderate. Topic: Updated python packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Des ...

Exploits

Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition. This issue affects versions ...

source: www.securityfocus.com/bid/31932/info Python's 'imageop' module is prone to a buffer-overflow vulnerability. Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python modules. This may result in a compromise of the underlying system. Failed attempts may lead to a den ...