Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other files, which trigger heap-based buffer overflows.
bugs.gentoo.org/show_bug.cgi?id=192876
docs.info.apple.com/article.html?artnum=307179
lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
lists.vmware.com/pipermail/security-announce/2008/000005.html
secunia.com/advisories/26837
secunia.com/advisories/27460
secunia.com/advisories/27562
secunia.com/advisories/27872
secunia.com/advisories/28136
secunia.com/advisories/28480
secunia.com/advisories/28838
secunia.com/advisories/29032
secunia.com/advisories/29303
secunia.com/advisories/29889
secunia.com/advisories/31255
secunia.com/advisories/31492
secunia.com/advisories/33937
secunia.com/advisories/37471
secunia.com/advisories/38675
support.apple.com/kb/HT3438
support.avaya.com/css/P8/documents/100074697
wiki.rpath.com/wiki/Advisories:rPSA-2007-0254
www.debian.org/security/2008/dsa-1551
www.debian.org/security/2008/dsa-1620
www.gentoo.org/security/en/glsa/glsa-200711-07.xml
www.mandriva.com/security/advisories?name=MDVSA-2008:012
www.mandriva.com/security/advisories?name=MDVSA-2008:013
www.redhat.com/support/errata/RHSA-2007-1076.html
www.redhat.com/support/errata/RHSA-2008-0629.html
www.securityfocus.com/archive/1/487990/100/0/threaded
www.securityfocus.com/archive/1/488457/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/bid/25696
www.ubuntu.com/usn/usn-585-1
www.us-cert.gov/cas/techalerts/TA07-352A.html
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2007/3201
www.vupen.com/english/advisories/2007/4238
www.vupen.com/english/advisories/2008/0637
www.vupen.com/english/advisories/2009/3316
exchange.xforce.ibmcloud.com/vulnerabilities/36653
issues.rpath.com/browse/RPL-1885
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496
www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html