CVE-2008-4864

Published: 31 October 2008

Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Priority

Medium

Status

Package: python2.2 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (reached end-of-life)
gutsy      Does not exist
hardy      Does not exist
intrepid   Does not exist
jaunty     Does not exist
karmic     Does not exist
upstream   Needs triage

Package: python2.3 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (reached end-of-life)
gutsy      Does not exist
hardy      Does not exist
intrepid   Does not exist
jaunty     Does not exist
karmic     Does not exist
upstream   Needs triage

Package: python2.4 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Released (2.4.3-0ubuntu6.3)
gutsy      Needed (reached end-of-life)
hardy      Released (2.4.5-1ubuntu4.2)
intrepid   Released (2.4.5-5ubuntu1.1)
jaunty     Not vulnerable (2.4.6-1ubuntu3)
karmic     Not vulnerable (2.4.6-1ubuntu3)
upstream   Released (2.4.5-6)

Package: python2.5 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Does not exist
gutsy      Needed (reached end-of-life)
hardy      Released (2.5.2-2ubuntu6)
intrepid   Not vulnerable (2.5.2-11.1ubuntu1)
jaunty     Not vulnerable (2.5.4-1ubuntu4)
karmic     Not vulnerable (2.5.4-1ubuntu4)
upstream   Released (2.5.2-12)