Python is an open-source scripting language. The imageop module in Python contains a heap overflow vulnerability that a local attacker may exploit to elevate privileges. Integer overflows exist in the imageop.c and rgbimgmodule.c files of Python's imageop module, and they ultimately lead to a heap overflow. If a user is tricked into opening a malicious image file, these overflows may be triggered, leading to the execution of arbitrary instructions. The vulnerable code segment is as follows:

    static PyObject *
    imageop_tovideo(PyObject *self, PyObject *args)
    {
        int maxx, maxy, x, y, len;
        ........................
        /* *************** int overflow here permits bypassing the len check ******************* */
        if ( maxx*maxy*width != len ) {
            PyErr_SetString(ImageopError, "String has incorrect length");
            return 0;
        }
        rv = PyString_FromStringAndSize(NULL, len);
        if ( rv == 0 )
            return 0;
        ncp = (unsigned char *)PyString_AsString(rv);
        if ( width == 1 ) {
            memcpy(ncp, cp, maxx);          /* Copy first line */
            ncp += maxx;
            /* ********** with a negative value it's possible to bypass the code ********** */
            for (y=1; y<maxy; y++) {        /* Interpolate other lines */
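The length check in the excerpt, modelled beside an overflow-checked version. This is an added example, not code from the advisory or from Python's source; the function names `naive_len_ok` and `checked_len_ok` and the sample values are constructed for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Models the check `maxx*maxy*width != len` from the excerpt. Unsigned
 * arithmetic is used so the wrap-around is well defined in this demo; the
 * original multiplies signed ints, where overflow is undefined behaviour
 * and typically wraps the same way. Assumes a 32-bit int. */
static int naive_len_ok(int maxx, int maxy, int width, int len)
{
    unsigned int prod = (unsigned int)maxx * (unsigned int)maxy
                        * (unsigned int)width;
    return prod == (unsigned int)len;
}

/* Hardened form (hypothetical helper): reject non-positive dimensions, then
 * prove each multiplication fits in an int before performing it. */
static int checked_len_ok(int maxx, int maxy, int width, int len)
{
    int area;
    if (maxx <= 0 || maxy <= 0 || width <= 0 || len < 0)
        return 0;
    if (maxx > INT_MAX / maxy)
        return 0;
    area = maxx * maxy;
    if (area > INT_MAX / width)
        return 0;
    return area * width == len;
}

int main(void)
{
    /* Constructed inputs: {maxx, maxy, width, len}. */
    static const int cases[][4] = {
        {4, 3, 1, 12},          /* honest 4x3 image */
        {65536, 65536, 1, 0},   /* product is 2^32, wraps to 0 */
        {-4, -4, 1, 16},        /* negative sizes, product wraps to 16 */
    };
    size_t i;
    for (i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("maxx=%d maxy=%d width=%d len=%d naive=%d checked=%d\n",
               cases[i][0], cases[i][1], cases[i][2], cases[i][3],
               naive_len_ok(cases[i][0], cases[i][1], cases[i][2], cases[i][3]),
               checked_len_ok(cases[i][0], cases[i][1], cases[i][2], cases[i][3]));
    return 0;
}
```

In the excerpt, a negative `maxx` that passes the naive check then reaches `memcpy(ncp, cp, maxx)`, where it is converted to a very large `size_t`.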