Full Disclosure mailing list archives
Re: python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
From: Andrew Farmer <andfarm () gmail com>
Date: Sun, 16 Sep 2007 00:24:04 -0700
On 15 Sep 07, at 16:53, Slythers Bro wrote:
The module imageop contains a lots of int overflow, which result in heap overflow, and maybe memory dump. The files imageop.c and rbgimgmodule.c are examples.
<snip> The real question: Does anybody actually use those modules? Most Python programs that I've seen that do image processing use other methods, like PIL or calling out to Imagemagick. A bit of searching on Google Code Search didn't find me anything that actually used imageop or rgbimgmodule except test cases for those modules. rgbimgmodule isn't even part of a standard build of Python 2.5. Remember that Python is *not* a managed language - there's no guarantees of safety inherent in the language. In fact, there are easier ways to execute native code: take a look at ctypes, for example. While I'd definitely classify the behavior you've identified as a bug, it's unlikely to be exploitable in the context of any programs which use it (if, indeed, there are any). _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module Slythers Bro (Sep 15)
- Re: python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module Andrew Farmer (Sep 16)