[Security-sig] HTML page of Python security vulnerabilities
Victor Stinner
victor.stinner at gmail.com
Tue Feb 21 13:11:14 EST 2017
Ok, I completed my list to get almost all of the 30 known CVEs. Right
now, my list has 40 vulnerabilities.

Remaining issues: cookielib and rgbimg/imageop.

cookielib

https://hackerone.com/reports/26647
https://bugs.python.org/issue25228
http://bugs.python.org/issue22796

rgbimg, imageop: CVE-2009-4134, CVE-2010-3493, CVE-2010-1449

- name: "CVE-2010-1450"
  summary: >
    rgbimg and imageop buffer overflows
  links:
    - http://bugs.python.org/issue8678
    - https://bugzilla.redhat.com/show_bug.cgi?id=541698
  disclosure: "2009-11-26 (Red Hat bz#541698 reported)"
  cvss-score: "7.5"
  # imageop module was removed in Python 3
  ignore-python3: true
  fixed-in:
    - 93ebfb154456daa841aa223bd296422787b3074c # 2.6
  description: >
    Multiple buffer overflows in the RLE decoder in the rgbimg module in
    Python 2.5 allow remote attackers to have an unspecified impact via an
    image file containing crafted data that triggers improper processing
    within the (1) longimagedata or (2) expandrow function.
    Reported by Marc Schoenefeld.

Victor