CVE-2007-4965

critical

Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

References

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

https://issues.rpath.com/browse/RPL-1885

https://exchange.xforce.ibmcloud.com/vulnerabilities/36653

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

http://www.ubuntu.com/usn/usn-585-1

http://www.securityfocus.com/archive/1/507985/100/0/threaded

http://www.securityfocus.com/archive/1/488457/100/0/threaded

http://www.securityfocus.com/archive/1/487990/100/0/threaded

http://www.redhat.com/support/errata/RHSA-2008-0629.html

http://www.redhat.com/support/errata/RHSA-2007-1076.html

http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml

http://www.debian.org/security/2008/dsa-1620

http://www.debian.org/security/2008/dsa-1551

http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

http://support.avaya.com/css/P8/documents/100074697

http://support.apple.com/kb/HT3438

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

http://docs.info.apple.com/article.html?artnum=307179

http://bugs.gentoo.org/show_bug.cgi?id=192876

Details

Source: Mitre, NVD

Published: 2007-09-18

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical