CVE-2010-1450

critical

Description

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

References

https://bugzilla.redhat.com/show_bug.cgi?id=541698

http://www.vupen.com/english/advisories/2011/0413

http://www.vupen.com/english/advisories/2011/0212

http://www.vupen.com/english/advisories/2011/0122

http://www.securityfocus.com/bid/40365

http://www.redhat.com/support/errata/RHSA-2011-0260.html

http://www.redhat.com/support/errata/RHSA-2011-0027.html

http://support.apple.com/kb/HT4435

http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://bugs.python.org/issue8678

Details

Source: Mitre, NVD

Published: 2010-05-27

Updated: 2020-02-18

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical