Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other files, which trigger heap-based buffer overflows.
History
21 Nov 2024, 00:36
Type | Values Removed | Values Added |
---|---|---|
References | () http://bugs.gentoo.org/show_bug.cgi?id=192876 - Third Party Advisory | |
References | () http://docs.info.apple.com/article.html?artnum=307179 - Third Party Advisory | |
References | () http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html - Mailing List | |
References | () http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html - Exploit | |
References | () http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html - Third Party Advisory | |
References | () http://lists.vmware.com/pipermail/security-announce/2008/000005.html - Third Party Advisory | |
References | () http://secunia.com/advisories/26837 - Broken Link | |
References | () http://secunia.com/advisories/27460 - Broken Link | |
References | () http://secunia.com/advisories/27562 - Broken Link | |
References | () http://secunia.com/advisories/27872 - Broken Link | |
References | () http://secunia.com/advisories/28136 - Broken Link | |
References | () http://secunia.com/advisories/28480 - Broken Link | |
References | () http://secunia.com/advisories/28838 - Broken Link | |
References | () http://secunia.com/advisories/29032 - Broken Link | |
References | () http://secunia.com/advisories/29303 - Broken Link | |
References | () http://secunia.com/advisories/29889 - Broken Link | |
References | () http://secunia.com/advisories/31255 - Broken Link | |
References | () http://secunia.com/advisories/31492 - Broken Link | |
References | () http://secunia.com/advisories/33937 - Broken Link | |
References | () http://secunia.com/advisories/37471 - Broken Link | |
References | () http://secunia.com/advisories/38675 - Broken Link | |
References | () http://support.apple.com/kb/HT3438 - Third Party Advisory | |
References | () http://support.avaya.com/css/P8/documents/100074697 - Third Party Advisory | |
References | () http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 - Third Party Advisory | |
References | () http://www.debian.org/security/2008/dsa-1551 - Third Party Advisory | |
References | () http://www.debian.org/security/2008/dsa-1620 - Third Party Advisory | |
References | () http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml - Third Party Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 - Broken Link | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 - Broken Link | |
References | () http://www.redhat.com/support/errata/RHSA-2007-1076.html - Third Party Advisory | |
References | () http://www.redhat.com/support/errata/RHSA-2008-0629.html - Third Party Advisory | |
References | () http://www.securityfocus.com/archive/1/487990/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/488457/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/archive/1/507985/100/0/threaded - Third Party Advisory, VDB Entry | |
References | () http://www.securityfocus.com/bid/25696 - Exploit, Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/usn-585-1 - Third Party Advisory | |
References | () http://www.us-cert.gov/cas/techalerts/TA07-352A.html - Third Party Advisory, US Government Resource | |
References | () http://www.vmware.com/security/advisories/VMSA-2009-0016.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2007/3201 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2007/4238 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2008/0637 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2009/3316 - Broken Link | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 - VDB Entry | |
References | () https://issues.rpath.com/browse/RPL-1885 - Third Party Advisory | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 - Broken Link | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 - Broken Link | |
References | () https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html - Third Party Advisory |
02 Aug 2023, 18:52
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) http://www.vmware.com/security/advisories/VMSA-2009-0016.html - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2008/0637 - Broken Link | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 - VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/31492 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/4238 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/31255 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/488457/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html - Mailing List | |
References | (SECUNIA) http://secunia.com/advisories/28136 - Broken Link | |
References | (CONFIRM) https://issues.rpath.com/browse/RPL-1885 - Third Party Advisory | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/26837 - Broken Link | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1551 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-585-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/27872 - Broken Link | |
References | (CONFIRM) http://docs.info.apple.com/article.html?artnum=307179 - Third Party Advisory | |
References | (DEBIAN) http://www.debian.org/security/2008/dsa-1620 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/29303 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/33937 - Broken Link | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/487990/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (SECUNIA) http://secunia.com/advisories/29889 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/37471 - Broken Link | |
References | (VUPEN) http://www.vupen.com/english/advisories/2007/3201 - Broken Link | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/29032 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28838 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/27562 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2008-0629.html - Third Party Advisory | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html - Mailing List | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 - Broken Link | |
References | (MLIST) http://lists.vmware.com/pipermail/security-announce/2008/000005.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/38675 - Broken Link | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/27460 - Broken Link | |
References | (CONFIRM) http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 - Third Party Advisory | |
References | (CONFIRM) http://support.apple.com/kb/HT3438 - Third Party Advisory | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/507985/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (CERT) http://www.us-cert.gov/cas/techalerts/TA07-352A.html - Third Party Advisory, US Government Resource | |
References | (CONFIRM) http://bugs.gentoo.org/show_bug.cgi?id=192876 - Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/3316 - Broken Link | |
References | (CONFIRM) http://support.avaya.com/css/P8/documents/100074697 - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/25696 - Exploit, Third Party Advisory, VDB Entry | |
References | (OVAL) https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/28480 - Broken Link | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2007-1076.html - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html - Third Party Advisory | |
CWE | CWE-190 | |
CPE | cpe:2.3:a:python_software_foundation:python:2.2.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:1.5.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:1.6.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.5:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.4.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.5:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.5.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.1.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.6:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.2.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.4.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.1.1:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:1.6:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.4.2:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.2.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.0:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.1.3:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.3.4:*:*:*:*:*:*:* cpe:2.3:a:python_software_foundation:python:2.4.4:*:*:*:*:*:*:* | cpe:2.3:a:python:python:*:*:*:*:*:*:*:* |
Information
Published : 2007-09-18 22:17
Updated : 2024-11-21 00:36
NVD link : CVE-2007-4965
Mitre link : CVE-2007-4965
CVE.ORG link : CVE-2007-4965
Products Affected
python
- python
CWE
CWE-190
Integer Overflow or Wraparound