
CVE-2008-1679: Message 64682 - Python tracker

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.


Message64682

Author: chmod007
Recipients: chmod007, donmez, gvanrossum, jafo, jhpanetta, nevyn, nnorwitz
Date: 2008-03-29.04:37:25
SpamBayes Score: 0.124706
Marked as misclassified: No
Message-id: [email protected]
In-reply-to:

Content

The following test cases still cause bus errors with the patch applied:

import imageop; imageop.rgb82rgb('A'*(2**30), 32768, 32768)
import imageop; imageop.grey2rgb('A'*(2**30), 32768, 32768)

History

Date | User | Action | Args
2008-03-29 04:37:27 | chmod007 | set | spambayes_score: 0.124706 -> 0.124706; recipients: + chmod007, gvanrossum, nnorwitz, jafo, donmez, nevyn, jhpanetta
2008-03-29 04:37:26 | chmod007 | set | spambayes_score: 0.124706 -> 0.124706; messageid: [email protected]
2008-03-29 04:37:26 | chmod007 | link | issue1179 messages
2008-03-29 04:37:25 | chmod007 | create |
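
Why 32768 x 32768 is a hard case for a size check, as an added example that is not part of the tracker message and is not code from imageop.c: the pixel count 2**30 fits in a signed 32-bit int and matches the 2**30-byte input, but multiplying it by an output pixel width does not fit. The 4-byte output pixel and the names naive_out_size and checked_out_size are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Naive sizing: only the width*height product is considered, and the later
 * multiplication by bytes-per-pixel is left unchecked. Unsigned 32-bit
 * arithmetic is used so the wraparound is well defined for demonstration. */
static uint32_t naive_out_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t pixels = w * h;   /* 32768 * 32768 = 2^30, still representable */
    return pixels * bpp;       /* 2^30 * 4 = 2^32, wraps to 0 */
}

/* Checked sizing: every multiplication is tested by division before it is
 * performed. Returns 1 and stores the byte count on success; returns 0 when
 * a dimension is not positive or the total does not fit in int32_t. */
static int checked_out_size(int32_t w, int32_t h, int32_t bpp, int32_t *out)
{
    if (w <= 0 || h <= 0 || bpp <= 0)
        return 0;
    if (w > INT32_MAX / h)            /* w * h would overflow */
        return 0;
    int32_t pixels = w * h;
    if (pixels > INT32_MAX / bpp)     /* pixels * bpp would overflow */
        return 0;
    *out = pixels * bpp;
    return 1;
}

int main(void)
{
    int32_t size = 0;

    /* Dimensions taken from the test cases in the message above. */
    printf("naive 32768x32768x4   -> %u bytes\n",
           (unsigned)naive_out_size(32768u, 32768u, 4u));
    printf("checked 32768x32768x4 -> %s\n",
           checked_out_size(32768, 32768, 4, &size) ? "accepted" : "rejected");

    /* Constructed ordinary image size for comparison. */
    if (checked_out_size(640, 480, 4, &size))
        printf("checked 640x480x4     -> %d bytes\n", (int)size);
    return 0;
}
```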
