Description
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
References (15)
http://secunia.com/advisories/43068 [Broken Link; third-party-advisory; x_refsource_secunia]
http://support.apple.com/kb/HT4435 [Third Party Advisory; x_refsource_confirm]
http://www.vupen.com/english/advisories/2011/0212 [Third Party Advisory; vdb-entry; x_refsource_vupen]
http://secunia.com/advisories/43364 [Broken Link; third-party-advisory; x_refsource_secunia]
http://www.vupen.com/english/advisories/2011/0413 [Third Party Advisory; vdb-entry; x_refsource_vupen]
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html [Mailing List, Third Party Advisory; vendor-advisory; x_refsource_apple]
http://www.vupen.com/english/advisories/2011/0122 [Third Party Advisory; vdb-entry; x_refsource_vupen]
https://bugzilla.redhat.com/show_bug.cgi?id=541698 [Issue Tracking, Patch; x_refsource_confirm]
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html [Third Party Advisory; vendor-advisory; x_refsource_suse]
http://secunia.com/advisories/42888 [Broken Link; third-party-advisory; x_refsource_secunia]
http://www.securityfocus.com/bid/40365 [Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid]
http://www.redhat.com/support/errata/RHSA-2011-0027.html [Third Party Advisory; vendor-advisory; x_refsource_redhat]
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215 [Broken Link; vendor-advisory; x_refsource_mandriva]
http://bugs.python.org/issue8678 [Patch, Vendor Advisory; x_refsource_confirm]
http://www.redhat.com/support/errata/RHSA-2011-0260.html [Third Party Advisory; vendor-advisory; x_refsource_redhat]
Scores
EPSS: 0.0282
EPSS Percentile: 86.2%
Details
CWE: CWE-120
Status: published
Products (1): python/python 2.5.0
Published: May 27, 2010
Tracked Since: Feb 18, 2026