Lookup for vulnerable packages by Package URL.
| Purl | pkg:rpm/redhat/python@2.4.3-43?arch=el5 |
|---|
| Type | rpm |
|---|
| Namespace | redhat |
|---|
| Name | python |
|---|
| Version | 2.4.3-43 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | null |
|---|
| Latest_non_vulnerable_version | null |
|---|
| Affected_by_vulnerabilities |
| 0 |
|
| 1 |
| url |
VCID-d5nm-cwte-qudf |
| vulnerability_id |
VCID-d5nm-cwte-qudf |
| summary |
Buffer underflow in the rgbimg module in Python 2.5 allows remote attackers to cause a denial of service (application crash) via a large ZSIZE value in a black-and-white (aka B/W) RGB image that triggers an invalid pointer dereference. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2009-4134
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d5nm-cwte-qudf |
|
| 2 |
| url |
VCID-hgg5-afas-gqem |
| vulnerability_id |
VCID-hgg5-afas-gqem |
| summary |
Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-1634
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hgg5-afas-gqem |
|
| 3 |
| url |
VCID-kz5q-q45c-jub6 |
| vulnerability_id |
VCID-kz5q-q45c-jub6 |
| summary |
Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 allows remote attackers to have an unspecified impact via a large image that triggers a buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-3143.12. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-1449
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kz5q-q45c-jub6 |
|
| 4 |
| url |
VCID-pzy5-zxy9-g7hx |
| vulnerability_id |
VCID-pzy5-zxy9-g7hx |
| summary |
The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted arguments, as demonstrated by a call to audioop.reverse with a one-byte string, a different vulnerability than CVE-2010-1634. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
|
| aliases |
CVE-2010-2089
|
| risk_score |
0.2 |
| exploitability |
2.0 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-pzy5-zxy9-g7hx |
|
| 5 |
| url |
VCID-ydue-93bt-e7h8 |
| vulnerability_id |
VCID-ydue-93bt-e7h8 |
| summary |
Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2010-1450
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ydue-93bt-e7h8 |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 0.2 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/python@2.4.3-43%3Farch=el5 |
|---|