5.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:N/A:P
0.046 Low
EPSS
Percentile
92.5%
Multiple integer overflows in the imageop module in Python 2.5.1 and
earlier allow context-dependent attackers to cause a denial of service
(application crash) and possibly obtain sensitive information (memory
contents) via crafted arguments to (1) the tovideo method, and unspecified
other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other
files, which trigger heap-based buffer overflows.
Author | Note |
---|---|
jdstrand | bug report has debdiffs |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 6.06 | noarch | python2.4 | < 2.4.3-0ubuntu6.1 | UNKNOWN |
ubuntu | 6.10 | noarch | python2.4 | < 2.4.4~c1-0ubuntu1.1 | UNKNOWN |
ubuntu | 7.04 | noarch | python2.4 | < 2.4.4-2ubuntu7.1 | UNKNOWN |
ubuntu | 7.10 | noarch | python2.4 | < 2.4.4-6ubuntu4.1 | UNKNOWN |
ubuntu | 6.10 | noarch | python2.5 | < 2.5-2ubuntu2.1 | UNKNOWN |
ubuntu | 7.04 | noarch | python2.5 | < 2.5.1-0ubuntu1.1 | UNKNOWN |
ubuntu | 7.10 | noarch | python2.5 | < 2.5.1-5ubuntu5.1 | UNKNOWN |