ID |
CVE-2008-1679
|
Summary |
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 6.8 (as of 29-09-2017 - 01:30) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-189 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2013-04-29T04:06:52.162-04:00 | class | vulnerability | contributors | name | Aharon Chernin | organization | SCAP.com, LLC |
name | Dragos Prisaca | organization | G2, Inc. |
| definition_extensions | comment | The operating system installed on the system is Red Hat Enterprise Linux 3 | oval | oval:org.mitre.oval:def:11782 |
comment | CentOS Linux 3.x | oval | oval:org.mitre.oval:def:16651 |
comment | The operating system installed on the system is Red Hat Enterprise Linux 4 | oval | oval:org.mitre.oval:def:11831 |
comment | CentOS Linux 4.x | oval | oval:org.mitre.oval:def:16636 |
comment | Oracle Linux 4.x | oval | oval:org.mitre.oval:def:15990 |
| description | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | family | unix | id | oval:org.mitre.oval:def:10583 | status | accepted | submitted | 2010-07-09T03:56:16-04:00 | title | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | version | 29 |
accepted | 2010-03-01T04:00:13.347-05:00 | class | vulnerability | contributors | name | Pai Peng | organization | Hewlett-Packard |
| definition_extensions | comment | Solaris 10 (SPARC) is installed | oval | oval:org.mitre.oval:def:1440 |
comment | Solaris 10 (x86) is installed | oval | oval:org.mitre.oval:def:1926 |
| description | Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965. | family | unix | id | oval:org.mitre.oval:def:7800 | status | accepted | submitted | 2010-01-19T17:52:34.000-05:00 | title | Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code | version | 35 |
|
redhat
via4
|
rpms | - python-0:2.3.4-14.7.el4_8.2
- python-debuginfo-0:2.3.4-14.7.el4_8.2
- python-devel-0:2.3.4-14.7.el4_8.2
- python-docs-0:2.3.4-14.7.el4_8.2
- python-tools-0:2.3.4-14.7.el4_8.2
- tkinter-0:2.3.4-14.7.el4_8.2
- python-0:2.2.3-6.11
- python-debuginfo-0:2.2.3-6.11
- python-devel-0:2.2.3-6.11
- python-tools-0:2.2.3-6.11
- tkinter-0:2.2.3-6.11
|
|
refmap
via4
|
apple | APPLE-SA-2009-02-12 | confirm | | debian | | gentoo | GLSA-200807-01 | mandriva | - MDVSA-2008:163
- MDVSA-2008:164
| misc | http://bugs.python.org/msg64682 | secunia | - 29889
- 29955
- 30872
- 31255
- 31358
- 31365
- 31518
- 31687
- 33937
- 38675
| slackware | SSA:2008-217-01 | suse | SUSE-SR:2008:017 | ubuntu | USN-632-1 | xf | python-imageopc-bo(41958) |
|
statements
via4
|
contributor | Joshua Bressers | lastmodified | 2008-04-22 | organization | Red Hat | statement | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1679
The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
|
Last major update |
29-09-2017 - 01:30 |
Published |
22-04-2008 - 04:41 |
Last modified |
29-09-2017 - 01:30 |