ID CVE-2008-1679
Summary Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
References
Vulnerable Configurations
  • cpe:2.3:a:python:python:-:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:-:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5.2:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 02-08-2023 - 18:52)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2013-04-29T04:06:52.162-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    description Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
    family unix
    id oval:org.mitre.oval:def:10583
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
    version 29
  • accepted 2010-03-01T04:00:13.347-05:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
    family unix
    id oval:org.mitre.oval:def:7800
    status accepted
    submitted 2010-01-19T17:52:34.000-05:00
    title Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
    version 35
redhat via4
rpms
  • python-0:2.3.4-14.7.el4_8.2
  • python-debuginfo-0:2.3.4-14.7.el4_8.2
  • python-devel-0:2.3.4-14.7.el4_8.2
  • python-docs-0:2.3.4-14.7.el4_8.2
  • python-tools-0:2.3.4-14.7.el4_8.2
  • tkinter-0:2.3.4-14.7.el4_8.2
  • python-0:2.2.3-6.11
  • python-debuginfo-0:2.2.3-6.11
  • python-devel-0:2.2.3-6.11
  • python-tools-0:2.2.3-6.11
  • tkinter-0:2.2.3-6.11
refmap via4
apple APPLE-SA-2009-02-12
confirm
debian
  • DSA-1551
  • DSA-1620
gentoo GLSA-200807-01
mandriva
  • MDVSA-2008:163
  • MDVSA-2008:164
misc http://bugs.python.org/msg64682
secunia
  • 29889
  • 29955
  • 30872
  • 31255
  • 31358
  • 31365
  • 31518
  • 31687
  • 33937
  • 38675
slackware SSA:2008-217-01
suse SUSE-SR:2008:017
ubuntu USN-632-1
xf python-imageopc-bo(41958)
statements via4
contributor Joshua Bressers
lastmodified 2008-04-22
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=CVE-2008-1679 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 02-08-2023 - 18:52
Published 22-04-2008 - 04:41
Last modified 02-08-2023 - 18:52
Back to Top