CVE-2010-1450

Name: CVE-2010-1450
Creator: NVD / NIST
Published: 2010-05-27T19:30:01.733+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.85%

Last modified Jun 16, 2026

CVE-2010-1450 is a vulnerability of currently unknown severity. Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.. EPSS estimates a 3.85% chance of exploitation in the next 30 days.

Description

Multiple buffer overflows in the RLE decoder in the rgbimg module in Python 2.5 allow remote attackers to have an unspecified impact via an image file containing crafted data that triggers improper processing within the (1) longimagedata or (2) expandrow function.

Metrics

EPSS Probability

3.85%

88.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-120

Affected Software

Vendor	Product	Versions
Python	Python	2.5.0

References

http://bugs.python.org/issue8678Patch, Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlThird Party Advisory
http://secunia.com/advisories/42888Broken Link
http://secunia.com/advisories/43068Broken Link
http://secunia.com/advisories/43364Broken Link
http://support.apple.com/kb/HT4435Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0027.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0260.htmlThird Party Advisory
http://www.securityfocus.com/bid/40365Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2011/0122Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://www.vupen.com/english/advisories/2011/0413Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=541698Issue Tracking, Patch
http://bugs.python.org/issue8678Patch, Vendor Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.htmlThird Party Advisory
http://secunia.com/advisories/42888Broken Link
http://secunia.com/advisories/43068Broken Link
http://secunia.com/advisories/43364Broken Link
http://support.apple.com/kb/HT4435Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:215Broken Link
http://www.redhat.com/support/errata/RHSA-2011-0027.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-0260.htmlThird Party Advisory
http://www.securityfocus.com/bid/40365Third Party Advisory, VDB Entry
http://www.vupen.com/english/advisories/2011/0122Third Party Advisory
http://www.vupen.com/english/advisories/2011/0212Third Party Advisory
http://www.vupen.com/english/advisories/2011/0413Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=541698Issue Tracking, Patch

Timeline

Published: May 27, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-1450?

How severe is CVE-2010-1450?

Severity scoring for CVE-2010-1450 is pending analysis. The EPSS model estimates a 3.85% probability of exploitation in the next 30 days.

How do I fix CVE-2010-1450?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-1450?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST