CVE-2008-1679: Message 64682 - Python tracker
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
Message64682
Author: chmod007
Recipients: chmod007, donmez, gvanrossum, jafo, jhpanetta, nevyn, nnorwitz
Date: 2008-03-29.04:37:25
Content
The following test cases still cause bus errors with the patch applied:
import imageop; imageop.rgb82rgb('A'*(2**30), 32768, 32768)
import imageop; imageop.grey2rgb('A'*(2**30), 32768, 32768)
History
Date | User | Action | Args
2008-03-29 04:37:27 | chmod007 | set | spambayes_score: 0.124706 -> 0.124706; recipients: + chmod007, gvanrossum, nnorwitz, jafo, donmez, nevyn, jhpanetta
2008-03-29 04:37:26 | chmod007 | set | spambayes_score: 0.124706 -> 0.124706; messageid: [email protected]
2008-03-29 04:37:26 | chmod007 | link | issue1179 messages
2008-03-29 04:37:25 | chmod007 | create |
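Why the 32768 x 32768 dimensions in the test cases above matter, as an added example that is not code from imageop.c or from the tracker: a size computed as width * height * bytes-per-pixel wraps to 0 in 32-bit arithmetic, and an overflow-checked computation rejects it. The 4-byte-per-pixel output, the 32-bit size type, and the function names `unchecked_out_size` and `checked_out_size` are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked size computation, modelled as 32-bit arithmetic (assumption):
 * the full product is truncated to its low 32 bits, as a wrapping
 * 32-bit multiply would leave it. */
static uint32_t unchecked_out_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint64_t full = (uint64_t)width * height * bpp;
    return (uint32_t)full;
}

/* Checked computation: returns 0 and stores the size in *out on success,
 * -1 if a value is non-positive or the product would exceed INT_MAX.
 * Each multiplication is validated by division before it is performed. */
static int checked_out_size(int width, int height, int bpp, int *out)
{
    if (width <= 0 || height <= 0 || bpp <= 0)
        return -1;
    if (width > INT_MAX / height)
        return -1;                 /* width * height would overflow */
    int pixels = width * height;
    if (pixels > INT_MAX / bpp)
        return -1;                 /* pixels * bpp would overflow */
    *out = pixels * bpp;
    return 0;
}

int main(void)
{
    int size = 0;

    /* Dimensions taken from the test cases in the message. */
    printf("unchecked 32768x32768x4 -> %u bytes\n",
           (unsigned)unchecked_out_size(32768u, 32768u, 4u));
    printf("checked   32768x32768x4 -> %s\n",
           checked_out_size(32768, 32768, 4, &size) ? "rejected" : "accepted");

    /* Constructed ordinary image size for comparison. */
    printf("checked   640x480x4     -> %s\n",
           checked_out_size(640, 480, 4, &size) ? "rejected" : "accepted");
    return 0;
}
```

An allocation sized with the wrapped value is far smaller than the data a per-pixel loop would then write, which is the heap overflow pattern the CVE text describes.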