CVE-2008-1679
Published: 22 April 2008
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
Priority
Status
Package | Release | Status |
---|---|---|
python2.4 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.4.3-0ubuntu6.2)
|
feisty |
Released
(2.4.4-2ubuntu7.2)
|
|
gutsy |
Released
(2.4.4-6ubuntu4.2)
|
|
hardy |
Not vulnerable
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://www.debian.org/security/2008/dsa-1551 |
||
python2.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
feisty |
Released
(2.5.1-0ubuntu1.2)
|
|
gutsy |
Released
(2.5.1-5ubuntu5.2)
|
|
hardy |
Not vulnerable
|
|
upstream |
Needs triage
|