The hotshot module in Python version 2.7 suffers from a heap buffer overflow due to a memcpy in the pack_string function at line 633.
Monthly Archives: November 2015
Python 3.6 audioop.lin2adpcm Buffer Over-Read
The audioop.lin2adpcm function in Python versions 2.7 and 3.4 through 3.6 suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1436 of Modules/audioop.c.
Python 3.6 audioop.adpcm2lin Buffer Over-Read
The audioop.adpcm2lin function in Python versions 2.7 and 3.4 through 3.6 suffers from a buffer over-read caused by unchecked access to stepsizeTable at line 1545 of Modules/audioop.c.
Python 3.5 Bytearray Pop And Remove Buffer Over-Read
The bytearray pop and remove methods in Python versions 2.7 and 3.2 through 3.5 suffer from buffer over-reads caused by memmove use under the assumption that PyByteArrayObject ob_size is less than ob_alloc, leading to a single byte over-read. This condition can be triggered by creating a bytearray from a range of length 0x10, then calling pop with a valid index.
Python 2.7 array.fromstring Use After Free
The array.fromstring() method in Python 2.7 suffers from a use after free caused by unsafe realloc use. The issue is triggered when an array is concatenated to itself via a fromstring() call.
Python 2.7 strop.replace() Integer Overflow
The strop.replace() method in Python version 2.7 suffers from an integer overflow that can be exploited to write outside the bounds of the string buffer and potentially achieve code execution. The issue can be triggered by performing a large substitution that overflows the arithmetic used in mymemreplace() to calculate the size of the new string.
You have new fax, document 00529586
You have a new fax! Please download attached fax document. Filesize: 112 Kb Pages number: 11 Scan date: Mon, 2 Nov 2015 15:12:08 +0300 Quality: 300 DPI Scanned by: Morris Chambers Scan time: 52 seconds Fax name: fax-00529586.doc Thanks for choosing Interfax!