SSD Advisory – Python Bytecode Disassembler and Decompiler (pycdc) Multiple Vulnerabilities

Vulnerabilities summary
The following advisory describes 12 (twelve) vulnerabilities found in Python Bytecode Disassembler and Decompiler (pycdc).
Python Bytecode Disassembler and Decompiler (pycdc) “aims to translate compiled Python byte-code back into valid and human-readable Python source code. While other projects have achieved this with varied success, Decompyle++ is unique in that it seeks to support byte-code from any version of Python.”
The vulnerabilities found are:

  • Heap buffer overflow (2)
  • Null pointer dereference (8)
  • Global buffer overflow
  • Signed integer overflow

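The four classes listed above are the usual failure modes of a parser that trusts lengths, indices and pointers taken from an untrusted .pyc file. The following C++ is an added illustration written for this advisory, not pycdc's own code and not derived from the undisclosed PoCs: it shows the checks that close each class in a minimal reader for a hypothetical record layout (a one-byte tag, a 4-byte little-endian signed length, then the payload; the opcode table and the sample inputs are constructed for the example).

```cpp
// Added example (not pycdc's code): bounds-checked reading of a
// length-prefixed record, with one defensive check per vulnerability class
// named in the advisory. Record layout assumed for illustration only:
//   1-byte tag | 4-byte little-endian signed length | payload bytes
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

// Hypothetical global opcode-name table (constructed for the example).
static const char* const kOpcodeNames[] = {"POP_TOP", "ROT_TWO", "ROT_THREE", "DUP_TOP"};
static const size_t kOpcodeCount = sizeof(kOpcodeNames) / sizeof(kOpcodeNames[0]);

// Global buffer overflow guard: the index is checked against the table size
// before the global array is read, so an out-of-range opcode cannot index
// past it.
const char* opcodeName(unsigned op) {
    if (op >= kOpcodeCount) return "<unknown>";
    return kOpcodeNames[op];
}

struct Record {
    uint8_t tag = 0;
    std::vector<uint8_t> data;
};

class SafeReader {
public:
    SafeReader(const uint8_t* buf, size_t len) : buf_(buf), len_(len), pos_(0) {}

    size_t remaining() const { return len_ - pos_; }

    // Reads one byte; returns false at end of input instead of reading past it.
    bool readU8(uint8_t& out) {
        if (remaining() < 1) return false;
        out = buf_[pos_++];
        return true;
    }

    // Reads a 4-byte little-endian signed value. The bytes are assembled in a
    // uint32_t so the shifts are defined, then reinterpreted as int32_t.
    bool readI32(int32_t& out) {
        if (remaining() < 4) return false;
        uint32_t v = 0;
        for (int i = 0; i < 4; ++i) v |= (uint32_t)buf_[pos_ + i] << (8 * i);
        pos_ += 4;
        std::memcpy(&out, &v, sizeof out);
        return true;
    }

    // Heap buffer overflow guard: copies `n` bytes into a fresh heap buffer.
    // The check is `n > remaining()` rather than `pos_ + n > len_`, so a huge
    // `n` cannot wrap the sum and slip past the test.
    bool readBytes(size_t n, std::vector<uint8_t>& out) {
        if (n > remaining()) return false;
        out.assign(buf_ + pos_, buf_ + pos_ + n);
        pos_ += n;
        return true;
    }

private:
    const uint8_t* buf_;
    size_t len_;
    size_t pos_;
};

// Parses one record; returns nullptr on any malformed input. Callers must
// test the pointer before using the record (null pointer guard).
std::unique_ptr<Record> parseRecord(const uint8_t* buf, size_t len) {
    SafeReader r(buf, len);
    auto rec = std::make_unique<Record>();
    int32_t n = 0;
    if (!r.readU8(rec->tag)) return nullptr;
    if (!r.readI32(n)) return nullptr;
    // Signed integer guard: a negative length is rejected explicitly instead
    // of being converted to a very large size_t.
    if (n < 0) return nullptr;
    if (!r.readBytes((size_t)n, rec->data)) return nullptr;  // truncated payload
    return rec;
}

// Returns the payload as text, or "" if the record was rejected. The null
// check on the parse result lives here, where the pointer is consumed.
std::string recordText(const std::vector<uint8_t>& input) {
    auto rec = parseRecord(input.data(), input.size());
    if (!rec) return "";
    return std::string(rec->data.begin(), rec->data.end());
}

// Constructed sample inputs: one well-formed record, one with a negative
// length field (0xffffffff), and one whose declared length exceeds the data.
const std::vector<uint8_t> kGoodRecord = {'s', 5, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};
const std::vector<uint8_t> kNegativeLength = {'s', 0xff, 0xff, 0xff, 0xff};
const std::vector<uint8_t> kTruncated = {'s', 9, 0, 0, 0, 'h', 'i'};
```

The pattern worth taking away is that every length or index read from the file is compared against what actually remains or actually exists before it is used, and that parse failures surface as a null result the caller is obliged to test rather than as a half-initialised object.
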
An independent security researcher from Geeknik Labs has reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.
Vendor response
Michael Hansen was informed of the vulnerabilities and released patches to address them.
For more details:
At this time we will not disclose the PoCs – we may release them later once users of pycdc have updated their systems.
