Vulnerability Details : CVE-2007-4965
Potential exploit
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rgbimgmodule.c, and other files, which trigger heap-based buffer overflows. The module computes buffer sizes from caller-supplied image dimensions; when that multiplication wraps, the length check passes for a buffer far smaller than the dimensions imply, and the subsequent pixel loop runs past the heap allocation.
Vulnerability category: Denial of service
Products affected by CVE-2007-4965
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4965
- EPSS score: 8.60% (probability of exploitation activity in the next 30 days)
- Percentile: ~92% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2007-4965
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
| 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P (CVSS v2) | 8.6 | 4.9 | NIST | |
CWE ids for CVE-2007-4965
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
  Assigned by: nvd@nist.gov (Primary)
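The following is an added, constructed example (not CPython source and not code from the page) showing the bug class behind both the vulnerability description and the CWE text above: a buffer-length check whose product of caller-controlled dimensions wraps in a 32-bit int, beside a division-based check that cannot wrap. Function names, the crafted dimensions and the "size * x * y == len" shape of the check are assumptions made for illustration; the hardened variant is one standard remedy and is not claimed to be the upstream patch verbatim.

```c
#include <stdio.h>

/*
 * Constructed illustration of the CVE-2007-4965 bug class (added example,
 * not the CPython source). An imageop-style routine receives a pixel buffer
 * of `len` bytes plus caller-controlled dimensions x, y and bytes-per-pixel
 * `size`, and validates them roughly as
 *     if (size * x * y != len) error;
 * The product is a 32-bit int, so a crafted (x, y) can wrap it back to len,
 * the check passes, and the pixel loop then reads/writes far past the heap
 * buffer (crash, or leak of adjacent heap memory).
 */

/* Vulnerable shape of the check: length compared against a wrapping product.
 * The product is computed in unsigned arithmetic here so the wraparound is
 * well defined for the demo; a signed multiply is undefined behaviour in C
 * but wraps the same way on common targets with 32-bit int. */
int check_size_vulnerable(int len, int x, int y, int size)
{
    int product = (int)((unsigned)size * (unsigned)x * (unsigned)y);
    return product == len;          /* 1 = buffer accepted */
}

/* Hardened shape (assumption: written for this page): reject non-positive
 * dimensions and verify with division, which cannot overflow. Accepts only
 * when size * x * y == len exactly, evaluated without any multiplication. */
int check_size_safe(int len, int x, int y, int size)
{
    if (len < 0 || x <= 0 || y <= 0 || size <= 0)
        return 0;
    if (len % x != 0 || (len / x) % y != 0)
        return 0;                   /* len is not an exact multiple of x*y */
    return (len / x) / y == size;   /* exact: size * x * y == len, no wrap */
}

int main(void)
{
    /* Constructed crafted call: a 16-byte buffer declared as 16 x 268435457
     * one-byte pixels. 16 * 268435457 = 2^32 + 16, which wraps to 16. */
    int len = 16, x = 16, y = 268435457, size = 1;

    printf("vulnerable check: %s\n",
           check_size_vulnerable(len, x, y, size) ? "ACCEPTED (wrapped product)"
                                                  : "rejected");
    printf("hardened check:   %s\n",
           check_size_safe(len, x, y, size) ? "accepted" : "rejected");

    /* A well-formed 8x8 one-byte-per-pixel image passes both checks. */
    printf("legit 8x8 image:  vulnerable=%d safe=%d\n",
           check_size_vulnerable(64, 8, 8, 1), check_size_safe(64, 8, 8, 1));
    return 0;
}
```

The crafted pair (x = 16, y = 268435457) is chosen so that the product equals len modulo 2^32; any (x, y) with size * x * y ≡ len (mod 2^32) works, which is why a fix must avoid the multiplication rather than add a range check on one dimension alone.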
Vendor statements for CVE-2007-4965
- Red Hat (2007-10-15): Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
References for CVE-2007-4965
- http://www.ubuntu.com/usn/usn-585-1 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-1076.html (Third Party Advisory)
- http://www.debian.org/security/2008/dsa-1551 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 (Broken Link)
- http://www.vupen.com/english/advisories/2007/4238 (Broken Link)
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html (Third Party Advisory)
- http://docs.info.apple.com/article.html?artnum=307179 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/487990/100/0/threaded (Third Party Advisory; VDB Entry)
- http://bugs.gentoo.org/show_bug.cgi?id=192876 (Third Party Advisory)
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html (VMSA-2009-0016.6; Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html (Third Party Advisory; US Government Resource)
- http://www.vupen.com/english/advisories/2009/3316 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 (Broken Link)
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html (Exploit)
- http://secunia.com/advisories/28480 (Broken Link)
- http://secunia.com/advisories/29889 (Broken Link)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 (Third Party Advisory)
- http://secunia.com/advisories/27562 (Broken Link)
- http://secunia.com/advisories/31255 (Broken Link)
- http://secunia.com/advisories/28136 (Broken Link)
- http://support.avaya.com/css/P8/documents/100074697 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/3201 (Broken Link)
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html (Mailing List)
- http://www.debian.org/security/2008/dsa-1620 (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 (Broken Link)
- http://secunia.com/advisories/33937 (Broken Link)
- http://secunia.com/advisories/27872 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 (VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html (SUSE-SR:2008:003; Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 (Broken Link)
- http://lists.vmware.com/pipermail/security-announce/2008/000005.html (Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/0637 (Broken Link)
- http://secunia.com/advisories/28838 (Broken Link)
- http://support.apple.com/kb/HT3438 (Apple Security Update 2009-001; Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html (Mailing List)
- http://secunia.com/advisories/29303 (Broken Link)
- http://secunia.com/advisories/37471 (Broken Link)
- http://secunia.com/advisories/38675 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2008-0629.html (Third Party Advisory)
- http://secunia.com/advisories/27460 (Broken Link)
- http://www.securityfocus.com/archive/1/507985/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/25696 (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/488457/100/0/threaded (Third Party Advisory; VDB Entry)
- https://issues.rpath.com/browse/RPL-1885 (Third Party Advisory)
- http://secunia.com/advisories/31492 (Broken Link)
- http://secunia.com/advisories/26837 (Broken Link)
- http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml (Third Party Advisory)
- http://secunia.com/advisories/29032 (Broken Link)