Description

Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.

Remediation

References

CVE-2008-1679

Related Vulnerabilities

Squid Integer Overflow or Wraparound Vulnerability (CVE-2020-11945)

PHP Other Vulnerability (CVE-2010-0397)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-19212)

WordPress Plugin Internal Links Manager Multiple Cross-Site Scripting Vulnerabilities (2.1.0)

Undertow Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2021-20220)

Severity

Medium

Classification

CVE-2008-1679 CWE-190

Tags

Missing Update Known Vulnerabilities