Vulnerability Name: CVE-2010-1450 (CCN-58880)
Assigned: 2010-05-10
Published: 2010-05-10
Updated: 2020-02-18
Summary: Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
CVSS v3 Severity:
  7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
CVSS v2 Severity:
  7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
  5.4 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:UR)
  5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:UR)
  3.7 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:UR)
Vulnerability Type: CWE-120
Vulnerability Consequences: Gain Access
References:
  Source: CONFIRM Type: Patch, Vendor Advisory http://bugs.python.org/issue8678
  Source: MITRE Type: CNA CVE-2010-1450
  Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2010-11-10-1
  Source: SUSE Type: Third Party Advisory SUSE-SR:2011:002
  Source: CCN Type: RHSA-2011-0027 Low: python security, bug fix, and enhancement update
  Source: CCN Type: RHSA-2011-0260 Low: python security and bug fix update
  Source: SECUNIA Type: Broken Link 42888
  Source: SECUNIA Type: Broken Link 43068
  Source: SECUNIA Type: Broken Link 43364
  Source: CONFIRM Type: Third Party Advisory http://support.apple.com/kb/HT4435
  Source: MANDRIVA Type: Broken Link MDVSA-2010:215
  Source: CCN Type: OSVDB ID: 64965 Python rgbimg Module RLE Decoder Multiple Function Overflow
  Source: CCN Type: Python Web site Python Programming Language -- Official Website
  Source: REDHAT Type: Third Party Advisory RHSA-2011:0027
  Source: REDHAT Type: Third Party Advisory RHSA-2011:0260
  Source: BID Type: Third Party Advisory, VDB Entry 40365
  Source: CCN Type: BID-40365 Python 'rgbimg' RLE Decoder Multiple Buffer Overflow Vulnerabilities
  Source: VUPEN Type: Third Party Advisory ADV-2011-0122
  Source: VUPEN Type: Third Party Advisory ADV-2011-0212
  Source: VUPEN Type: Third Party Advisory ADV-2011-0413
  Source: CONFIRM Type: Issue Tracking, Patch https://bugzilla.redhat.com/show_bug.cgi?id=541698
  Source: CCN Type: Red Hat Bugzilla Bug 541698 CVE-2009-4134 CVE-2010-1449 CVE-2010-1450 python: rgbimg: multiple security issues
  Source: XF Type: UNKNOWN python-rgbimg-rle-bo(58880)
  Source: SUSE Type: SUSE-SR:2011:002 SUSE Security Summary Report
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: Configuration RedHat 5: Configuration RedHat 6: Configuration RedHat 7: Configuration RedHat 8: Configuration RedHat 9: Configuration CCN 1: Denotes that component is vulnerable