CVE-2008-4864
Published: 31 October 2008
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Notes
Author | Note |
---|---|
mdeslaur | this was actually fixed in 2.5.3 regression: http://bugs.python.org/issue4317 PoC: http://scary.beasts.org/security/CESA-2008-008.html |
Priority
Status
Package | Release | Status |
---|---|---|
python2.2 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
python2.3 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
python2.4 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.4.3-0ubuntu6.3)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(2.4.5-1ubuntu4.2)
|
|
intrepid |
Released
(2.4.5-5ubuntu1.1)
|
|
jaunty |
Not vulnerable
(2.4.6-1ubuntu3)
|
|
karmic |
Not vulnerable
(2.4.6-1ubuntu3)
|
|
upstream |
Released
(2.4.5-6)
|
|
Patches: upstream: http://svn.python.org/view?view=rev&revision=67200 upstream: http://svn.python.org/view?view=rev&revision=67270 |
||
python2.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Released
(2.5.2-2ubuntu6)
|
|
intrepid |
Not vulnerable
(2.5.2-11.1ubuntu1)
|
|
jaunty |
Not vulnerable
(2.5.4-1ubuntu4)
|
|
karmic |
Not vulnerable
(2.5.4-1ubuntu4)
|
|
upstream |
Released
(2.5.2-12)
|
|
Patches: upstream: http://svn.python.org/view?view=rev&revision=66689 upstream: http://svn.python.org/view?view=rev&revision=67266 upstream: http://svn.python.org/view?view=rev&revision=66690 upstream: http://svn.python.org/view?view=rev&revision=67268 vendor: http://patch-tracking.debian.net/patch/series/view/python2.5/2.5.2-15/CVE-2008-4864.dpatch |