CVE-2010-1450

python: rgbimg: multiple security issues

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

Múltiples desbordamientos de búfer en el decodificador RLE en el módulo rgbimg en Python v2.5 permite a atacantes remotos tener un impacto sin especificar a través de fichero de imagen que contiene datos manipulados que lanza un procesado inapropiado dentro de la función (1) longimagedata o (2) expandrow.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-04-15 CVE Reserved
2010-05-27 CVE Published
2024-08-07 CVE Updated
2024-08-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (16)

URL	Tag	Source
http://secunia.com/advisories/42888	Broken Link
http://secunia.com/advisories/43068	Broken Link
http://secunia.com/advisories/43364	Broken Link
http://support.apple.com/kb/HT4435	Third Party Advisory
http://www.securityfocus.com/bid/40365	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0122	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212	Third Party Advisory
http://www.vupen.com/english/advisories/2011/0413	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://bugs.python.org/issue8678	2020-02-18
https://bugzilla.redhat.com/show_bug.cgi?id=541698	2011-02-16

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	2020-02-18
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html	2020-02-18
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215	2020-02-18
http://www.redhat.com/support/errata/RHSA-2011-0027.html	2020-02-18
http://www.redhat.com/support/errata/RHSA-2011-0260.html	2020-02-18
https://access.redhat.com/security/cve/CVE-2010-1450	2011-02-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Python Search vendor "Python"		Python Search vendor "Python" for product "Python"				2.5.0 Search vendor "Python" for product "Python" and version "2.5.0"		-		Affected