CVSS2: 7.5 High (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Python is vulnerable to arbitrary code execution. Multiple integer overflow flaws were found in the Python imageop module. If a Python application used the imageop module to process untrusted images, it could cause the application to disclose sensitive information, crash or, potentially, execute arbitrary code with the Python interpreter’s privileges.

Name | Operator | Version |
---|---|---|
python | eq | 2.3.4__14.4.el4_6.1 |
python | eq | 2.4.3__21.el5 |
python | eq | 2.4.3__19.el5 |