CVE-2008-1679

Publication date 22 April 2008

Last updated 24 July 2024


Ubuntu priority

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

Status

Package Ubuntu Release Status
python2.4 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 2.4.4-6ubuntu4.2
7.04 feisty
Fixed 2.4.4-2ubuntu7.2
6.06 LTS dapper
Fixed 2.4.3-0ubuntu6.2
python2.5 8.04 LTS hardy
Not affected
7.10 gutsy
Fixed 2.5.1-5ubuntu5.2
7.04 feisty
Fixed 2.5.1-0ubuntu1.2
6.06 LTS dapper Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
python2.4

References

Related Ubuntu Security Notices (USN)

    • USN-632-1
    • Python vulnerabilities
    • 1 August 2008

Other references