* David Remahl reported multiple integer overflows in the file
imageop.c, leading to a heap-based buffer overflow (CVE-2008-1679).
This issue is due to an incomplete fix for CVE-2007-4965.
* Justin Ferguson discovered that an integer signedness error in the
zlib extension module might trigger insufficient memory allocation
and a buffer overflow via a negative signed integer (CVE-2008-1721).
* Justin Ferguson discovered that insufficient input validation in
the PyString_FromStringAndSize() function might lead to a buffer
* David Remahl of Apple Product Security also reported an integer
overflow in the hashlib module, leading to unreliable cryptographic
digest results (CVE-2008-2316).
* Justin Ferguson reported multiple buffer overflows in Unicode
string processing that only affect 32-bit systems (CVE-2008-3142).
* The Google Security Team reported multiple integer overflows
(CVE-2008-3143).
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315). He also
reported an integer overflow in the hashlib module on Python 2.5 that
led to unreliable cryptographic digest results (CVE-2008-2316).
Justin Ferguson reported multiple buffer overflows in Unicode string
processing that affected 32-bit systems (CVE-2008-3142).
Multiple integer overflows were reported by the Google Security Team
that had been fixed in Python 2.5.2 (CVE-2008-3143).
tricked into processing malformed images. This issue is also
tracked as CVE-2008-1679 due to an initially incomplete patch.
CVE-2008-1721
Justin Ferguson discovered that a buffer overflow in the zlib
module may lead to the execution of arbitrary code.
CVE-2008-1887
Justin Ferguson discovered that insufficient input validation in
It was discovered that there were new integer overflows in the imageop
module. If an attacker were able to trick a Python application into
processing a specially crafted image, they could execute arbitrary code
with user privileges. (CVE-2008-1679)
Justin Ferguson discovered that the zlib module did not correctly
handle certain archives. If an attacker were able to trick a Python
application into processing a specially crafted archive file, they could
execute arbitrary code with user privileges. (CVE-2008-1721)
Justin Ferguson discovered that certain string manipulations in Python
to an incomplete fix for CVE-2007-4965.
David Remahl of Apple Product Security reported several integer
overflows in a number of core modules (CVE-2008-2315).
* Phoenix, and automated vulnerability finding - Tim Burrell, Microsoft
* Cisco IOS Rootkits - Sebastian Muñiz, Core
* Advances in attacking interpreted languages - Justin Ferguson, IOActive
* One Token to Rule Them All: Post-Exploitation Fun in Windows Environments
- Luke Jennings, MWR InfoSecurity
* Building the bridge between the Web Application and the OS: GUI access
stringobject, unicodeobject, bufferobject, longobject,
tupleobject, stropmodule, gcmodule, and mmapmodule modules.
CVE-2008-3142
Justin Ferguson discovered that incorrect memory allocation in
the unicode_resize() function can lead to buffer overflows.
CVE-2008-3143
Several integer overflows were discovered in various Python core