Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-4965

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Published

2007-09-18T22:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

4.9

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	python	python	≤ 2.5.1	Yes

References

http://bugs.gentoo.org/show_bug.cgi?id=192876 Third Party Advisory ([email protected])
http://docs.info.apple.com/article.html?artnum=307179 Third Party Advisory ([email protected])
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html Mailing List ([email protected])
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List ([email protected])
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html Exploit ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Third Party Advisory ([email protected])
http://lists.vmware.com/pipermail/security-announce/2008/000005.html Third Party Advisory ([email protected])
http://secunia.com/advisories/26837 Broken Link ([email protected])
http://secunia.com/advisories/27460 Broken Link ([email protected])
http://secunia.com/advisories/27562 Broken Link ([email protected])
http://secunia.com/advisories/27872 Broken Link ([email protected])
http://secunia.com/advisories/28136 Broken Link ([email protected])
http://secunia.com/advisories/28480 Broken Link ([email protected])
http://secunia.com/advisories/28838 Broken Link ([email protected])
http://secunia.com/advisories/29032 Broken Link ([email protected])
http://secunia.com/advisories/29303 Broken Link ([email protected])
http://secunia.com/advisories/29889 Broken Link ([email protected])
http://secunia.com/advisories/31255 Broken Link ([email protected])
http://secunia.com/advisories/31492 Broken Link ([email protected])
http://secunia.com/advisories/33937 Broken Link ([email protected])
http://secunia.com/advisories/37471 Broken Link ([email protected])
http://secunia.com/advisories/38675 Broken Link ([email protected])
http://support.apple.com/kb/HT3438 Third Party Advisory ([email protected])
http://support.avaya.com/css/P8/documents/100074697 Third Party Advisory ([email protected])
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1551 Third Party Advisory ([email protected])
http://www.debian.org/security/2008/dsa-1620 Third Party Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 Broken Link ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 Broken Link ([email protected])
http://www.redhat.com/support/errata/RHSA-2007-1076.html Third Party Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0629.html Third Party Advisory ([email protected])
http://www.securityfocus.com/archive/1/487990/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/488457/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/25696 Exploit, Third Party Advisory, VDB Entry ([email protected])
http://www.ubuntu.com/usn/usn-585-1 Third Party Advisory ([email protected])
http://www.us-cert.gov/cas/techalerts/TA07-352A.html Third Party Advisory, US Government Resource ([email protected])
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/3201 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2007/4238 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2008/0637 Broken Link ([email protected])
http://www.vupen.com/english/advisories/2009/3316 Broken Link ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 VDB Entry ([email protected])
https://issues.rpath.com/browse/RPL-1885 Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 Broken Link ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 Broken Link ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html Third Party Advisory ([email protected])
http://bugs.gentoo.org/show_bug.cgi?id=192876 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=307179 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.vmware.com/pipermail/security-announce/2008/000005.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/26837 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27460 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27562 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27872 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28136 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28480 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28838 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29032 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29303 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29889 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31255 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31492 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33937 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37471 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38675 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://support.apple.com/kb/HT3438 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/css/P8/documents/100074697 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1551 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1620 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2007-1076.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0629.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/487990/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/488457/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/507985/100/0/threaded Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25696 Exploit, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-585-1 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA07-352A.html Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2009-0016.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3201 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/4238 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0637 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2009/3316 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-1885 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)