CVE-2007-4965
Summary
| CVE | CVE-2007-4965 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-09-18 22:17:00 UTC |
| Updated | 2023-08-02 18:52:00 UTC |
| Description | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. |
Risk And Classification
Problem Types: CWE-190
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Python | Python | All | All | All | All |
| Application | Python Software Foundation | Python | 1.5.2 | All | All | All |
| Application | Python Software Foundation | Python | 1.6 | All | All | All |
| Application | Python Software Foundation | Python | 1.6.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.0 | All | All | All |
| Application | Python Software Foundation | Python | 2.0.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.1.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.3.6 | All | All | All |
| Application | Python Software Foundation | Python | 2.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.1 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.2 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.3 | All | All | All |
| Application | Python Software Foundation | Python | 2.4.4 | All | All | All |
| Application | Python Software Foundation | Python | 2.5 | All | All | All |
| Application | Python Software Foundation | Python | 2.5.1 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Advisories - Secunia | SECUNIA | secunia.com | |
| APPLE-SA-2009-02-12 Security Update 2009-001 | APPLE | lists.apple.com | |
| VMware ESX Server Multiple Updates - Advisories - Secunia | SECUNIA | secunia.com | |
| US-CERT Technical Cyber Security Alert TA07-352A -- Apple Updates for Multiple Vulnerabilities | CERT | www.us-cert.gov | US Government Resource |
| [Security-announce] VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates | MLIST | lists.vmware.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Support | REDHAT | www.redhat.com | |
| Support | REDHAT | www.redhat.com | |
| Python ImageOP Module Multiple Integer Overflow Vulnerabilities | BID | www.securityfocus.com | Exploit |
| rPath update for idle and python - Advisories - Secunia | SECUNIA | secunia.com | |
| About Security Update 2007-009 | CONFIRM | docs.info.apple.com | |
| [security-announce] SUSE Security Summary Report SUSE-SR:2008:003 | SUSE | lists.opensuse.org | |
| Debian -- Security Information -- DSA-1620-1 python2.5 | DEBIAN | www.debian.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Debian update for python2.5 - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | |
| Mandriva update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| issues.rpath.com/browse/RPL-1885 | CONFIRM | issues.rpath.com | |
| APPLE-SA-2007-12-17 Security Update 2007-009 | APPLE | lists.apple.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Ubuntu update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| Gentoo Bug 192876 - dev-lang/python imageop multiple integer-overflows (CVE-2007-4965) | CONFIRM | bugs.gentoo.org | |
| Advisories:rPSA-2007-0254 - rPath Wiki | CONFIRM | wiki.rpath.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Python imageop "tovideo()" Integer Overflow Security Issue - Advisories - Secunia | SECUNIA | secunia.com | |
| Debian -- Security Information -- DSA-1551-1 python2.4 | DEBIAN | www.debian.org | |
| ASA-2010-050 (SUN 273570) | CONFIRM | support.avaya.com | |
| Gentoo update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH | VUPEN | www.vupen.com | |
| Support / Security / Advisories / / MDVSA-2008:013 | Mandriva | MANDRIVA | www.mandriva.com | |
| Apple Mac OS X Security Update Fixes Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| Webmail - OVH | VUPEN | www.vupen.com | |
| SUSE Update for Multiple Packages - Advisories - Secunia | SECUNIA | secunia.com | |
| Support / Security / Advisories / / MDVSA-2008:012 | Mandriva | MANDRIVA | www.mandriva.com | |
| Gentoo Linux Documentation -- Python: User-assisted execution of arbitrary code | GENTOO | www.gentoo.org | |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Debian update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| [SECURITY] Fedora 7 Update: python-2.5-14.fc7 | FEDORA | www.redhat.com | |
| VMSA-2009-0016.1 | CONFIRM | www.vmware.com | |
| USN-585-1: Python vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| [Full-Disclosure] Mailing List Charter | FULLDISC | lists.grok.org.uk | Exploit |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| Fedora update for python - Advisories - Secunia | SECUNIA | secunia.com | |
| Red Hat Network Satellite Server Update for Solaris Client - Advisories - Community | SECUNIA | secunia.com | |
| About the security content of Security Update 2009-001 | CONFIRM | support.apple.com | |
| Avaya CMS Solaris Python Multiple Vulnerabilities - Advisories - Community | SECUNIA | secunia.com | |
| VMware ESX and vMA Update for Multiple Packages - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2007-10-15 | Joshua Bressers | Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/ |
There are currently no legacy QID mappings associated with this CVE.