Lucene search

[email protected]CVE-2009-4134

HistoryMay 27, 2010 - 7:30 p.m.

CVE-2009-4134

2010-05-2719:30:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2009-4134

python 2.5

rgbimg module

buffer underflow

denial of service

invalid pointer dereference

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

92.0%

JSON

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

CPENameOperatorVersion
python:pythonpythoneq2.5.0

CPE	Name	Operator	Version
python:python	python	eq	2.5.0

References

bugs.python.org/issue8678

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

secunia.com/advisories/42888

secunia.com/advisories/43068

secunia.com/advisories/43364

support.apple.com/kb/HT4435

www.mandriva.com/security/advisories?name=MDVSA-2010:215

www.redhat.com/support/errata/RHSA-2011-0027.html

www.redhat.com/support/errata/RHSA-2011-0260.html

www.securityfocus.com/bid/40361

www.vupen.com/english/advisories/2011/0122

www.vupen.com/english/advisories/2011/0212

www.vupen.com/english/advisories/2011/0413

bugzilla.redhat.com/show_bug.cgi?id=541698

8.7 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.041 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2009-4134

veracode1 debiancve1 prion1 ubuntucve1 nessus11 redhat2 oraclelinux2 openvas9 securityvulns1