CVE-2010-1449 - Vulnerability Details - OpenCVE

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Python	Python
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 4
python-0:2.3.4-14.9.el4	cpe:/o:redhat:enterprise_linux:4	RHSA-2011:0260	2011-02-16T00:00:00Z
Red Hat Enterprise Linux 5
python-0:2.4.3-43.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2011:0027	2011-01-13T00:00:00Z

References

Link	Providers
http://bugs.python.org/issue8678
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html
http://secunia.com/advisories/42888
http://secunia.com/advisories/43068
http://secunia.com/advisories/43364
http://support.apple.com/kb/HT4435
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215
http://www.redhat.com/support/errata/RHSA-2011-0027.html
http://www.redhat.com/support/errata/RHSA-2011-0260.html
http://www.securityfocus.com/bid/40363
http://www.vupen.com/english/advisories/2011/0122
http://www.vupen.com/english/advisories/2011/0212
http://www.vupen.com/english/advisories/2011/0413
https://bugzilla.redhat.com/show_bug.cgi?id=541698
https://nvd.nist.gov/vuln/detail/CVE-2010-1449
https://www.cve.org/CVERecord?id=CVE-2010-1449

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2010-05-27T19:00:00

Updated: 2024-08-07T01:21:19.041Z

Reserved: 2010-04-15T00:00:00

Link: CVE-2010-1449

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-05-27T19:30:01.703

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1449

Redhat

Severity : Low

Publid Date: 2010-05-10T00:00:00Z

Links: CVE-2010-1449 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-11-18T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43068"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "43364", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/43364"}, {"name": "ADV-2011-0413", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0413"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "ADV-2011-0122", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2011/0122"}, {"name": "40363", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/40363"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541698"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "42888", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/42888"}, {"name": "RHSA-2011:0027", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"}, {"name": "MDVSA-2010:215", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.python.org/issue8678"}, {"name": "RHSA-2011:0260", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0260.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:21:19.041Z"}, "title": "CVE Program Container", "references": [{"name": "43068", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "ADV-2011-0212", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"name": "43364", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/43364"}, {"name": "ADV-2011-0413", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0413"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "ADV-2011-0122", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2011/0122"}, {"name": "40363", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/40363"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541698"}, {"name": "SUSE-SR:2011:002", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"name": "42888", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/42888"}, {"name": "RHSA-2011:0027", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"}, {"name": "MDVSA-2010:215", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.python.org/issue8678"}, {"name": "RHSA-2011:0260", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0260.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1449", "datePublished": "2010-05-27T19:00:00", "dateReserved": "2010-04-15T00:00:00", "dateUpdated": "2024-08-07T01:21:19.041Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "690CBE11-2D97-4D59-A21C-2AC388E67273", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12."}, {"lang": "es", "value": "Desbordamiento de entero en rgbimgmodule.c en el m\u00f3dulo rgbimg en Python v2.5 permite a atacantes remotos tener un impacto sin especificar a trav\u00e9s de fichero de imagen grande que provoca un desbordamiento de b\u00fafer. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta de CVE-2008-3143.12."}], "id": "CVE-2010-1449", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-05-27T19:30:01.703", "references": [{"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://bugs.python.org/issue8678"}, {"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/42888"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43068"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43364"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0260.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/40363"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0122"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0413"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://bugs.python.org/issue8678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/42888"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43068"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/43364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:215"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0027.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2011-0260.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/40363"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0212"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2011/0413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=541698"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}