CVE-2008-4864 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4864): Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Also see: http://svn.python.org/view/python/trunk/Modules/imageop.c?rev=66689;view=diff;r1=66689;r2=66688;p1=python/trunk/Modules/imageop.c;p2=/python/trunk/Modules/imageop.c
This might be used in a web application and lead to remote compromise, but it should allow local privilege escalation, so giving it a severity of A1.
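An added example, not part of the original report and not the code in imageop.c: a sketch of the overflow-checked size arithmetic a crop-style routine needs before it allocates or indexes a buffer. The function names, the permitted pixel sizes and the (psize, width, height, x0, y0, x1, y1) parameter layout are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked form: the product wraps modulo 2^32 (unsigned keeps the wrap defined). */
unsigned int wrapped_size(int w, int h, int psize)
{
    return (unsigned int)w * (unsigned int)h * (unsigned int)psize;
}

/* Checked form: stores w*h*psize in *out and returns 1 only if it fits in an int. */
int checked_size(long long w, long long h, int psize, int *out)
{
    if (w <= 0 || h <= 0 || psize <= 0 || w > INT_MAX || h > INT_MAX)
        return 0;
    if (w > INT_MAX / h)                 /* w*h would overflow */
        return 0;
    if (w * h > INT_MAX / psize)         /* (w*h)*psize would overflow */
        return 0;
    *out = (int)(w * h * psize);
    return 1;
}

/* Validate a crop request before any buffer is allocated or indexed. */
int crop_args_ok(size_t buflen, int psize, int w, int h,
                 int x0, int y0, int x1, int y1)
{
    int in_size, out_size;
    long long nx = (long long)x1 - x0, ny = (long long)y1 - y0;

    if (psize != 1 && psize != 2 && psize != 4)   /* assumed pixel sizes */
        return 0;
    if (!checked_size(w, h, psize, &in_size) || buflen != (size_t)in_size)
        return 0;                        /* input buffer must match the true size */
    nx = (nx < 0 ? -nx : nx) + 1;        /* corners are inclusive */
    ny = (ny < 0 ? -ny : ny) + 1;
    return checked_size(nx, ny, psize, &out_size);
}

int main(void)
{
    /* Constructed values: 65536 * 65536 * 1 wraps to 0 in 32 bits. */
    printf("wrapped=%u\n", wrapped_size(65536, 65536, 1));
    printf("wrapped dims accepted: %d\n", crop_args_ok(0, 1, 65536, 65536, 0, 0, 9, 9));
    printf("4x4 crop accepted: %d\n", crop_args_ok(16, 1, 4, 4, 0, 0, 1, 1));
    return 0;
}
```

With the unchecked product, an empty buffer would pass a length comparison against the wrapped value 0; the checked form rejects the dimensions before that comparison is made.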
Python: please confirm that we've already disabled imageop in all our in-tree versions, see https://bugs.gentoo.org/show_bug.cgi?id=216673
python: *ping*
Looks like one should be closed...
(In reply to comment #2)
> Python: please confirm that we've already disabled imageop in all our in-tree
> versions, see https://bugs.gentoo.org/show_bug.cgi?id=216673
> *ping*
2.5.2-r7 and 2.5.4-r2 are stable on all architectures.
/var/tmp/portage/dev-lang/python-2.4.6/work/2.4.6 $ cat 19_all_no-imageop.patch --- setup.py 2008-05-21 10:26:35.000000000 +0300 +++ setup.py 2008-05-21 10:27:11.000000000 +0300 @@ -434,7 +434,8 @@ # Disabled on 64-bit platforms if sys.maxint != 9223372036854775807L: # Operations on images - exts.append( Extension('imageop', ['imageop.c']) ) + # Disable on 32 bit as well due to #216673 + # exts.append( Extension('imageop', ['imageop.c']) ) # Read SGI RGB image files (but coded portably) exts.append( Extension('rgbimg', ['rgbimgmodule.c']) )
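Review bot: in the setup.py hunk at -434, the imageop line is commented out rather than removed and the reason is given only as "#216673", which leaves "# Operations on images" heading no active code and a "Disabled on 64-bit platforms" comment that no longer describes imageop. Suggest deleting the exts.append( Extension('imageop', ['imageop.c']) ) line outright, replacing the leftover comments with one stating that imageop is not built on any platform, and writing the reference as the full bugs.gentoo.org URL so the reason is unambiguous outside the Gentoo tree. The rgbimg line in the trailing context is left untouched, so the comment should also make clear that the change is limited to imageop.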