The module imageop contains a lots of int overflow, which result in heap overflow, and maybe memory dump. The files imageop.c and rbgimgmodule.c are examples. static PyObject * imageop_tovideo(PyObject *self, PyObject *args) { int maxx, maxy, x, y, len; ........................ /* *************** int overflow here permit to bypass len check ******************* */ if ( maxx*maxy*width != len ) { PyErr_SetString(ImageopError, "String has incorrect length"); return 0; } rv = PyString_FromStringAndSize(NULL, len); if ( rv == 0 ) return 0; ncp = (unsigned char *)PyString_AsString(rv); if ( width == 1 ) { memcpy(ncp, cp, maxx); /* Copy first line */ ncp += maxx; /* ********** with a negativ value it's possible to bypass the code ********** */ for (y=1; y