Vulnerability Details : CVE-2007-4965
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Vulnerability category: Overflow; Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2007-4965
Probability of exploitation activity in the next 30 days: 4.62%
Percentile (the proportion of vulnerabilities scored at or below this one): ~92%
CVSS scores for CVE-2007-4965
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:P | 8.6 | 4.9 | NIST
CWE ids for CVE-2007-4965
- The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4965
- Red Hat (2007-10-15): Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971. The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
- http://www.ubuntu.com/usn/usn-585-1 (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2007-1076.html (Third Party Advisory)
- http://www.debian.org/security/2008/dsa-1551 (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 (Broken Link)
- http://www.vupen.com/english/advisories/2007/4238 (Broken Link)
- https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html (Third Party Advisory)
- http://docs.info.apple.com/article.html?artnum=307179 (Third Party Advisory)
- http://www.securityfocus.com/archive/1/487990/100/0/threaded (Third Party Advisory; VDB Entry)
- http://bugs.gentoo.org/show_bug.cgi?id=192876 (Third Party Advisory)
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html (Third Party Advisory)
- http://www.us-cert.gov/cas/techalerts/TA07-352A.html (Third Party Advisory; US Government Resource)
- http://www.vupen.com/english/advisories/2009/3316 (Broken Link)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 (Broken Link)
- http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html (Exploit)
- http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 (Third Party Advisory)
- http://support.avaya.com/css/P8/documents/100074697 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2007/3201 (Broken Link)
- http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html (Mailing List)
- http://www.debian.org/security/2008/dsa-1620 (Third Party Advisory)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 (Broken Link)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 (VDB Entry)
- http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html (Third Party Advisory)
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 (Broken Link)
- http://lists.vmware.com/pipermail/security-announce/2008/000005.html (Third Party Advisory)
- http://www.vupen.com/english/advisories/2008/0637 (Broken Link)
- http://support.apple.com/kb/HT3438 (Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html (Mailing List)
- http://www.redhat.com/support/errata/RHSA-2008-0629.html (Third Party Advisory)
- http://www.securityfocus.com/archive/1/507985/100/0/threaded (Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/bid/25696 (Exploit; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/488457/100/0/threaded (Third Party Advisory; VDB Entry)
- https://issues.rpath.com/browse/RPL-1885 (Third Party Advisory)
- http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml (Third Party Advisory)
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*