CVE-2010-1450

Published May 27, 2010

Last updated 5 years ago

Overview

Description: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-120

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "690CBE11-2D97-4D59-A21C-2AC388E67273"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

https://nvd.nist.gov/vuln/detail/CVE-2010-1450
http://bugs.python.org/issue8678
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42888
http://secunia.com/advisories/43068
http://secunia.com/advisories/43364
http://support.apple.com/kb/HT4435
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://www.redhat.com/support/errata/RHSA-2011-0260.html
http://www.securityfocus.com/bid/40365
http://www.vupen.com/english/advisories/2011/0122
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0413
https://bugzilla.redhat.com/show_bug.cgi?id=541698

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References