Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1450

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

Published

2010-05-27T19:30:01.733

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-120

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	python	python	2.5.0	Yes

References

http://bugs.python.org/issue8678 Patch, Vendor Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html Third Party Advisory ([email protected])
http://secunia.com/advisories/42888 Broken Link ([email protected])
http://secunia.com/advisories/43068 Broken Link ([email protected])
http://secunia.com/advisories/43364 Broken Link ([email protected])
http://support.apple.com/kb/HT4435 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0027.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2011-0260.html Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/40365 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2011/0122 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0212 Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2011/0413 Third Party Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=541698 Issue Tracking, Patch ([email protected])
http://bugs.python.org/issue8678 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/42888 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43068 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/43364 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT4435 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0027.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2011-0260.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/40365 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0122 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0212 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2011/0413 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=541698 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)