CVE-2009-4134
python: rgbimg: multiple security issues
Severity Score
5.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.
Desbordamiento inferior de búfer en el módulo rgbimg en Python v2.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un valor ZSIZE grande en una imagen RGB blanco-y-negro (también conocido como B/W) que lanza una desreferencia a un puntero no válido.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-12-01 CVE Reserved
- 2010-05-27 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (16)
URL | Tag | Source |
---|---|---|
http://secunia.com/advisories/42888 | Broken Link | |
http://secunia.com/advisories/43068 | Broken Link | |
http://secunia.com/advisories/43364 | Broken Link | |
http://support.apple.com/kb/HT4435 | Third Party Advisory | |
http://www.securityfocus.com/bid/40361 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2011/0122 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2011/0212 | Third Party Advisory | |
http://www.vupen.com/english/advisories/2011/0413 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://bugs.python.org/issue8678 | 2020-02-18 | |
https://bugzilla.redhat.com/show_bug.cgi?id=541698 | 2011-02-16 |