CVE-2008-4864

NameCVE-2008-4864
DescriptionMultiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs504619, 504620

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
python2.4source(unstable)2.4.5-6low504620
python2.5source(unstable)2.5.2-12low504619

Notes

[etch] - python2.5 <no-dsa> (Minor issue)
[etch] - python2.4 <no-dsa> (Minor issue)
Search for package or bug name: Reporting problems