CVE-2010-1450
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.016 Low
EPSS
Percentile
87.6%
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| python:python | python | eq | 2.5.0 |
References
bugs.python.org/issue8678
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secunia.com/advisories/42888
secunia.com/advisories/43068
secunia.com/advisories/43364
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:215
www.redhat.com/support/errata/RHSA-2011-0027.html
www.redhat.com/support/errata/RHSA-2011-0260.html
www.securityfocus.com/bid/40365
www.vupen.com/english/advisories/2011/0122
www.vupen.com/english/advisories/2011/0212
www.vupen.com/english/advisories/2011/0413
bugzilla.redhat.com/show_bug.cgi?id=541698
Related
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.4 High
AI Score
Confidence
High
0.016 Low
EPSS
Percentile
87.6%