CVE-2010-1450

Name	CVE-2010-1450
Description	Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	603162

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
python2.7 (PTS)	jessie, jessie (lts)	2.7.9-2-ds1-1+deb8u12	fixed
	stretch (security)	2.7.13-2+deb9u6	fixed
	stretch (lts), stretch	2.7.13-2+deb9u9	fixed
	buster	2.7.16-2+deb10u1	fixed
	buster (security)	2.7.16-2+deb10u4	fixed
	bullseye	2.7.18-8+deb11u1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Debian Bugs
python2.4	source	(unstable)	(unfixed)	low
python2.5	source	(unstable)	2.5.5-11	low	603162
python2.6	source	(unstable)	(not affected)
python2.7	source	(unstable)	(not affected)
python3.1	source	(unstable)	(not affected)

Notes

- python3.1 <not-affected> (rgbimgmodule no longer included in source)
- python2.7 <not-affected> (rgbimgmodule no longer included in source)
- python2.6 <not-affected> (rgbimgmodule no longer included in source)
[lenny] - python2.5 <no-dsa> (Minor issue)
[lenny] - python2.4 <no-dsa> (Minor issue)