SB2020021838 - Multiple vulnerabilities in Python

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020021838

SB2020021838 - Multiple vulnerabilities in Python

Published: February 18, 2020 Updated: June 3, 2025

Security Bulletin ID SB2020021838
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2010-1450)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.


2) Integer overflow (CVE-ID: CVE-2010-1449)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12.


3) Out-of-bounds write (CVE-ID: CVE-2009-4134)

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference.


Remediation

Install update from vendor's website.

References