GSD-2007-4965
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2007-4965",
"description": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.",
"id": "GSD-2007-4965",
"references": [
"https://www.suse.com/security/cve/CVE-2007-4965.html",
"https://www.debian.org/security/2008/dsa-1620",
"https://www.debian.org/security/2008/dsa-1551",
"https://access.redhat.com/errata/RHSA-2009:1176",
"https://access.redhat.com/errata/RHSA-2008:0629",
"https://access.redhat.com/errata/RHSA-2008:0525",
"https://access.redhat.com/errata/RHSA-2008:0264",
"https://access.redhat.com/errata/RHSA-2007:1076",
"https://linux.oracle.com/cve/CVE-2007-4965.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2007-4965"
],
"details": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.",
"id": "GSD-2007-4965",
"modified": "2023-12-13T01:21:37.016810Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"name": "25696",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25696"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "38675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38675"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "oval:org.mitre.oval:def:8496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "27460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27460"
},
{
"name": "28480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28480"
},
{
"name": "26837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26837"
},
{
"name": "ADV-2007-3201",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3201"
},
{
"name": "DSA-1551",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1551"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "29303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29303"
},
{
"name": "oval:org.mitre.oval:def:8486",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "27872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27872"
},
{
"name": "29032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29032"
},
{
"name": "31492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31492"
},
{
"name": "FEDORA-2007-2663",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"
},
{
"name": "oval:org.mitre.oval:def:10804",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"
},
{
"name": "RHSA-2008:0629",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name": "20070916 python \u003c= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"
},
{
"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "RHSA-2007:1076",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "ADV-2008-0637",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"name": "python-imageop-bo(36653)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=192876",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "27562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27562"
},
{
"name": "USN-585-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-585-1"
},
{
"name": "GLSA-200711-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"
},
{
"name": "MDVSA-2008:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"name": "http://support.avaya.com/css/P8/documents/100074697",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/css/P8/documents/100074697"
},
{
"name": "31255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31255"
},
{
"name": "20080212 FLEA-2008-0002-1 python",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"
},
{
"name": "MDVSA-2008:013",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"
},
{
"name": "DSA-1620",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1620"
},
{
"name": "28838",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28838"
},
{
"name": "SUSE-SR:2008:003",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"name": "https://issues.rpath.com/browse/RPL-1885",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1885"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "29889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29889"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.5.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4965"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070916 python \u003c= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module",
"refsource": "FULLDISC",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"
},
{
"name": "25696",
"refsource": "BID",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/25696"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=192876",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"
},
{
"name": "https://issues.rpath.com/browse/RPL-1885",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://issues.rpath.com/browse/RPL-1885"
},
{
"name": "FEDORA-2007-2663",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"
},
{
"name": "GLSA-200711-07",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"
},
{
"name": "RHSA-2007:1076",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"
},
{
"name": "26837",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/26837"
},
{
"name": "27460",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/27460"
},
{
"name": "27562",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/27562"
},
{
"name": "27872",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/27872"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28136",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/28136"
},
{
"name": "MDVSA-2008:012",
"refsource": "MANDRIVA",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"
},
{
"name": "MDVSA-2008:013",
"refsource": "MANDRIVA",
"tags": [
"Broken Link"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"
},
{
"name": "28480",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/28480"
},
{
"name": "SUSE-SR:2008:003",
"refsource": "SUSE",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"
},
{
"name": "28838",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/28838"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"
},
{
"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"refsource": "MLIST",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"
},
{
"name": "29032",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29032"
},
{
"name": "USN-585-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "http://www.ubuntu.com/usn/usn-585-1"
},
{
"name": "29303",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29303"
},
{
"name": "DSA-1551",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1551"
},
{
"name": "29889",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/29889"
},
{
"name": "DSA-1620",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2008/dsa-1620"
},
{
"name": "31255",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31255"
},
{
"name": "31492",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/31492"
},
{
"name": "RHSA-2008:0629",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"tags": [
"Mailing List"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "33937",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "37471",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37471"
},
{
"name": "http://support.avaya.com/css/P8/documents/100074697",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "http://support.avaya.com/css/P8/documents/100074697"
},
{
"name": "38675",
"refsource": "SECUNIA",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38675"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "ADV-2008-0637",
"refsource": "VUPEN",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2008/0637"
},
{
"name": "ADV-2007-3201",
"refsource": "VUPEN",
"tags": [
"Broken Link"
],
"url": "http://www.vupen.com/english/advisories/2007/3201"
},
{
"name": "python-imageop-bo(36653)",
"refsource": "XF",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"
},
{
"name": "oval:org.mitre.oval:def:8496",
"refsource": "OVAL",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"
},
{
"name": "oval:org.mitre.oval:def:8486",
"refsource": "OVAL",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"
},
{
"name": "oval:org.mitre.oval:def:10804",
"refsource": "OVAL",
"tags": [
"Broken Link"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"
},
{
"name": "20080212 FLEA-2008-0002-1 python",
"refsource": "BUGTRAQ",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2023-08-02T18:52Z",
"publishedDate": "2007-09-18T22:17Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…