Veracode Vulnerability DatabaseVERACODE:24359Arbitrary Code Execution
0.016 Low
EPSS
Percentile
87.6%
python is vulnerable to arbitrary code execution. The vulnerability exists as multiple flaws were found in the Python rgbimg module. If an application written in Python was using the rgbimg module and loaded a specially-crafted SGI image file, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application.
References
bugs.python.org/issue8678
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
secunia.com/advisories/42888
secunia.com/advisories/43068
secunia.com/advisories/43364
support.apple.com/kb/HT4435
www.mandriva.com/security/advisories?name=MDVSA-2010:215
www.redhat.com/support/errata/RHSA-2011-0027.html
www.redhat.com/support/errata/RHSA-2011-0260.html
www.securityfocus.com/bid/40365
www.vupen.com/english/advisories/2011/0122
www.vupen.com/english/advisories/2011/0212
www.vupen.com/english/advisories/2011/0413
access.redhat.com/errata/RHSA-2011:0027
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=541698
Related
