cbcvebase.
CVE-2008-4864
published 2008-11-01

CVE-2008-4864: Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and…

PriorityP356high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
21.02%
97.3th percentile
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.

Affected

7 ranges
VendorProductVersion rangeFixed in
pythonpython>= 1.5.2 < 2.4.62.4.6
pythonpython>= 2.5.0 < 2.5.32.5.3
vmwareesxi
vmwarevmware_tools
vmwarevmware_vcenter_server
vmwarevmware_vsphere
vmwarevmware_workstation

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_ubuntu7.5HIGH
vendor_redhat5.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.