CVE-2010-1450

high

Description

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

References

http://bugs.python.org/issue8678

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://secunia.com/advisories/42888

http://secunia.com/advisories/43068

http://secunia.com/advisories/43364

http://support.apple.com/kb/HT4435

http://www.mandriva.com/security/advisories?name=MDVSA-2010:215

http://www.redhat.com/support/errata/RHSA-2011-0027.html

http://www.redhat.com/support/errata/RHSA-2011-0260.html

http://www.securityfocus.com/bid/40365

http://www.vupen.com/english/advisories/2011/0122

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2011/0413

https://bugzilla.redhat.com/show_bug.cgi?id=541698

Details

Source: MITRE

Published: 2010-05-27

Updated: 2020-02-18

Type: CWE-120

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH