CVE-2009-4134

Published: 27 May 2010

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.

Priority

Low

Status

Package | Release | Status
python2.4 (Launchpad, Ubuntu, Debian) | Upstream | Released (2.4.4-7)
python2.5 (Launchpad, Ubuntu, Debian) | Upstream | Released (2.5.1-6)

Patches:
Upstream: http://hg.python.org/cpython/rev/f49d9314d439/

Notes

Author: jdstrand
Note:
per upstream, python2.6 not affected
fix for CVE-2007-4965 also fixed the rgbimg module. This CVE was assigned after the fact.
