Notifications for a CVE
Stay informed of any changes for a specific CVE.
CVE Descriptions
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
CVE Informations
Related Weaknesses
| Weakness Name | Source | |
|---|---|---|
| Integer Overflow or Wraparound The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Metrics
| Metrics | Score | Severity | CVSS Vector | Source |
|---|---|---|---|---|
| V2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P | nvd@nist.gov |
EPSS
EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.
EPSS Score
The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS Percentile
The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
Exploit information
Exploit Database EDB-ID : 10229
Publication date : 2009-11-23 23h00 +00:00
Author : Chris Evans
EDB Verified : Yes
Python's 'imageop' module is prone to a buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python module. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.
This issue affects versions prior to Python 2.5.2.
Bugtraq ID: 31976
Class: Boundary Condition Error
CVE: CVE-2008-4864
Published: Oct 29 2008 12:00AM
Updated: Nov 24 2009 07:56PM
Credit: Chris Evans
Vulnerable: VMWare vMA 4.0
VMWare ESX Server 3.0.3
VMWare ESX Server 2.5.5
VMWare ESX Server 4.0
VMWare ESX Server 3.5
Ubuntu Ubuntu Linux 8.10 sparc
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu Ubuntu Linux 8.10 lpia
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu Ubuntu Linux 8.10 amd64
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu Ubuntu Linux 8.04 LTS lpia
Ubuntu Ubuntu Linux 8.04 LTS i386
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
S.u.S.E. SUSE Linux Enterprise Server 10 SP2
S.u.S.E. SUSE Linux Enterprise Desktop 10 SP2
S.u.S.E. SLE SDK 10 SP2
S.u.S.E. openSUSE 11.1
S.u.S.E. openSUSE 11.0
S.u.S.E. openSUSE 10.3
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
RedHat Desktop 3.0
Python Software Foundation Python 2.5.1
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
+ Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
Python Software Foundation Python 2.3.3
Python Software Foundation Python 2.3.2
Python Software Foundation Python 2.3.1
Python Software Foundation Python 2.3 b1
Python Software Foundation Python 2.3
Python Software Foundation Python 2.2.3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.1 ia64
+ MandrakeSoft Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
Python Software Foundation Python 2.1
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ MandrakeSoft Linux Mandrake 8.0 ppc
+ MandrakeSoft Linux Mandrake 8.0
Python Software Foundation Python 1.6.1
Python Software Foundation Python 1.6
Python Software Foundation Python 1.5.2
Python Software Foundation Python 2.5
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Linux Mandrake 2009.0 x86_64
MandrakeSoft Linux Mandrake 2009.0
MandrakeSoft Linux Mandrake 2008.1 x86_64
MandrakeSoft Linux Mandrake 2008.1
MandrakeSoft Linux Mandrake 2008.0 x86_64
MandrakeSoft Linux Mandrake 2008.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
Not Vulnerable: VMWare vMA 4.0 Patch 2
Python Software Foundation Python 2.5.2
POC:
import imageop
s = ''
imageop.crop(s, 1, 65536, 65536, 0, 0, 65536, 65536)
Exploit Database EDB-ID : 32534
Publication date : 2008-10-26 23h00 +00:00
Author : Chris Evans
EDB Verified : Yes
source: https://www.securityfocus.com/bid/31932/info
Python's 'imageop' module is prone to a buffer-overflow vulnerability.
Successful exploits may allow attackers to execute arbitrary code in the context of applications using the vulnerable Python modules. This may result in a compromise of the underlying system. Failed attempts may lead to a denial-of-service condition.
These issues affect versions prior to Python 2.5.2-r6.
import imageop
s = ''
imageop.crop(s, 1, 65536, 65536, 0, 0, 65536, 65536)
Products Mentioned
Configuraton 0
Python>>Python >> Version From (including) 1.5.2 To (excluding) 2.4.6
- Python>>Python >> Version 1.5.2 (Open CPE detail)
- Python>>Python >> Version 1.6 (Open CPE detail)
- Python>>Python >> Version 1.6.1 (Open CPE detail)
- Python>>Python >> Version 2.0 (Open CPE detail)
- Python>>Python >> Version 2.0.1 (Open CPE detail)
- Python>>Python >> Version 2.1 (Open CPE detail)
- Python>>Python >> Version 2.1.1 (Open CPE detail)
- Python>>Python >> Version 2.1.2 (Open CPE detail)
- Python>>Python >> Version 2.1.3 (Open CPE detail)
- Python>>Python >> Version 2.2 (Open CPE detail)
- Python>>Python >> Version 2.2.0 (Open CPE detail)
- Python>>Python >> Version 2.2.1 (Open CPE detail)
- Python>>Python >> Version 2.2.2 (Open CPE detail)
- Python>>Python >> Version 2.2.3 (Open CPE detail)
- Python>>Python >> Version 2.3 (Open CPE detail)
- Python>>Python >> Version 2.3.0 (Open CPE detail)
- Python>>Python >> Version 2.3.1 (Open CPE detail)
- Python>>Python >> Version 2.3.2 (Open CPE detail)
- Python>>Python >> Version 2.3.3 (Open CPE detail)
- Python>>Python >> Version 2.3.4 (Open CPE detail)
- Python>>Python >> Version 2.3.5 (Open CPE detail)
- Python>>Python >> Version 2.3.6 (Open CPE detail)
- Python>>Python >> Version 2.3.7 (Open CPE detail)
- Python>>Python >> Version 2.4 (Open CPE detail)
- Python>>Python >> Version 2.4.0 (Open CPE detail)
- Python>>Python >> Version 2.4.1 (Open CPE detail)
- Python>>Python >> Version 2.4.2 (Open CPE detail)
- Python>>Python >> Version 2.4.3 (Open CPE detail)
- Python>>Python >> Version 2.4.4 (Open CPE detail)
- Python>>Python >> Version 2.4.5 (Open CPE detail)
Python>>Python >> Version From (including) 2.5.0 To (excluding) 2.5.3
- Python>>Python >> Version 2.5.0 (Open CPE detail)
- Python>>Python >> Version 2.5.1 (Open CPE detail)
- Python>>Python >> Version 2.5.2 (Open CPE detail)
References
http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.c
Tags : x_refsource_CONFIRM
Tags : x_refsource_CONFIRM
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354
Tags : vdb-entry, signature, x_refsource_OVAL
Tags : vdb-entry, signature, x_refsource_OVAL
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
Tags : vendor-advisory, x_refsource_APPLE
Tags : vendor-advisory, x_refsource_APPLE
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Tags : mailing-list, x_refsource_BUGTRAQ
Tags : mailing-list, x_refsource_BUGTRAQ
