Vigil@nce: Python, buffer overflows of audioop
June 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can generate several buffer overflows in the audioop
module of Python, in order to create a denial of service or to
execute code.
– Severity: 2/4
– Creation date: 15/06/2010
DESCRIPTION OF THE VULNERABILITY
The audioop module of Python is used to manage audio records.
Several audioop_*() functions of the Modules/audioop.c file do not
check the size of theirs parameters, which forces a read/write at
an invalid memory address.
An attacker can therefore invite the victim to open a malicious
audio file, in order to generate a denial of service or to execute
code, in applications using Python audioop.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Python-buffer-overflows-of-audioop-9708