Search CVE reports
31 – 37 of 37 results
Some fixes available 5 of 7
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
2 affected packages
python2.4, python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows....
2 affected packages
python2.4, python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
Some fixes available 7 of 9
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via...
4 affected packages
python2.2, python2.3, python2.4, python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.2 | — | — | — | — |
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
Some fixes available 2 of 28
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR...
16 affected packages
python2.3, python2.4, python2.5, python2.6, python3.0...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
| python2.6 | — | — | — | — |
| python3.0 | — | — | — | — |
| python3.1 | — | — | — | — |
| python2.7 | — | Ignored | Not in release | Ignored |
| python3.4 | — | Not in release | Not in release | Not in release |
| python3.5 | — | Not in release | Not in release | Not in release |
| python3.6 | — | Not in release | Not in release | Ignored |
| python3.7 | — | Not in release | Not in release | Ignored |
| python3.8 | — | Not in release | Ignored | Ignored |
| python3.9 | — | Not in release | Not in release | Not in release |
| python3.10 | — | Fixed | Not in release | Not in release |
| python3.11 | — | Ignored | Not in release | Not in release |
| python3.12 | — | Not in release | Not in release | Not in release |
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of...
3 affected packages
python2.3, python2.4, python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |
Stack-based buffer overflow in the file_compress function in minigzip (Modules/zlib) in Python 2.5 allows context-dependent attackers to execute arbitrary code via a long file argument.
1 affected package
python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.5 | — | — | — | — |
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read...
4 affected packages
python2.2, python2.3, python2.4, python2.5
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python2.2 | — | — | — | — |
| python2.3 | — | — | — | — |
| python2.4 | — | — | — | — |
| python2.5 | — | — | — | — |