CVE-2008-4864
CVE-2008-4864
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Affected products
n/a · n/apublic PoCs found — 2
exploitdbwww.exploit-db.com/exploits/10229unverifiedexploitdbwww.exploit-db.com/exploits/32534unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlhttp://scary.beasts.org/security/CESA-2008-008.htmlhttp://secunia.com/advisories/33937http://secunia.com/advisories/37471https://exchange.xforce.ibmcloud.com/vulnerabilities/46606https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10702https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8354http://support.apple.com/kb/HT3438http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689&view=diff&r1=66689&r2=66688&p1=python/trunk/Modules/imageop.c&p2=/python/trunk/Modules/imageop.chttp://svn.python.org/view?rev=66689&view=revhttp://www.openwall.com/lists/oss-security/2008/10/27/2http://www.openwall.com/lists/oss-security/2008/10/29/3