Your submission was sent successfully! Close

CVE-2008-1679

Published: 22 April 2008

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

Priority

Medium

Status

Package Release Status
python2.4
Launchpad, Ubuntu, Debian
dapper
Released (2.4.3-0ubuntu6.2)
feisty
Released (2.4.4-2ubuntu7.2)
gutsy
Released (2.4.4-6ubuntu4.2)
hardy Not vulnerable

upstream Needs triage

Patches:
vendor: http://www.debian.org/security/2008/dsa-1551
python2.5
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty
Released (2.5.1-0ubuntu1.2)
gutsy
Released (2.5.1-5ubuntu5.2)
hardy Not vulnerable

upstream Needs triage