CVE-2008-2315: Multiple integer overflows (Apple)

Security patches from Apple: prevent integer overflows when allocating memory.


  • CVE-2008-1679 (imageop)
  • CVE-2008-1721 (zlib)
  • CVE-2008-1887 (PyString_FromStringAndSize())
  • CVE-2008-2315
  • CVE-2008-2316 (hashlib)
  • CVE-2008-3142 (unicode_resize(), PyMem_RESIZE())
  • CVE-2008-3144 (PyOS_vsnprintf())
  • CVE-2008-4864 (imageop)
  • Disclosure date: 2008-07-31 (commit)
  • Reported by: Apple

Fixed In


Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.


Timeline using the disclosure date 2008-07-31 as reference: