CVE-2010-1450 — Classic Buffer Overflow in Python

CWE-120 — Classic Buffer Overflow5 documents5 sources

Severity

7.5HIGHNVD

EPSS

2.8%

top 13.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python Debian Python2.7

Timeline

PublishedMay 27

Latest updateMay 2

Description

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDpython/python2.5.0

▶debiandebian/python2.7

Patches

Patch: bugs.python.org ↗Patch: bugzilla.redhat.com ↗Patch: bugs.python.org ↗

🔴Vulnerability Details

GHSA

GHSA-rcg8-wv74-2qwr: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2↗2022-05-02

▶

📋Vendor Advisories

Red Hat

python: rgbimg: multiple security issues↗2010-05-10

▶

Debian

CVE-2010-1450: python2.7 - Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 ...↗2010

▶

💬Community

Bugzilla

CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues↗2009-11-26

▶