CVE-2009-4134

Published: 27 May 2010

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

Priority

Low

Status

Package: python2.4 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Ignored (reached end-of-life)
hardy      Not vulnerable (2.4.5-1ubuntu4.3)
jaunty     Ignored (reached end-of-life)
karmic     Ignored (reached end-of-life)
lucid      Does not exist
maverick   Does not exist
natty      Does not exist
oneiric    Does not exist
precise    Does not exist
quantal    Does not exist
upstream   Released (2.4.4-7)

Package: python2.5 (Launchpad, Ubuntu, Debian)

Release    Status
dapper     Does not exist
hardy      Not vulnerable (2.5.2-2ubuntu6.1)
jaunty     Ignored (reached end-of-life)
karmic     Ignored (reached end-of-life)
lucid      Does not exist
maverick   Does not exist
natty      Does not exist
oneiric    Does not exist
precise    Does not exist
quantal    Does not exist
upstream   Released (2.5.1-6)

Notes

Author: jdstrand
Note:
per upstream, python2.6 not affected
fix for CVE-2007-4965 also fixed the rgbimg module. This CVE was assigned after the fact.
