CVE-2007-4965 : Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Published 2007-09-18 22:17:00

Updated 2023-08-02 18:52:26

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2007-4965

Probability of exploitation activity in the next 30 days: 4.62%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2007-4965

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:N/A:P	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2007-4965

CWE-189

Assigned by: nvd@nist.gov (Primary)
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2007-4965

Red Hat 2007-10-15

Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/

References for CVE-2007-4965

http://www.ubuntu.com/usn/usn-585-1

Third Party Advisory

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2007-1076.html

Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1551

Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013

Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486

Broken Link
http://www.vupen.com/english/advisories/2007/4238

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

Third Party Advisory
http://docs.info.apple.com/article.html?artnum=307179

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/487990/100/0/threaded

Third Party Advisory;VDB Entry
http://bugs.gentoo.org/show_bug.cgi?id=192876

Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

VMSA-2009-0016.6
Third Party Advisory

CVEs referencing this url
http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Page Not Found | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3316

Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Broken Link

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496

Broken Link
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

Exploit
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697

Third Party Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2007/3201

Broken Link
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Mailing List

CVEs referencing this url
http://www.debian.org/security/2008/dsa-1620

Third Party Advisory

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804

Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653

VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

Third Party Advisory

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012

Broken Link

CVEs referencing this url
http://lists.vmware.com/pipermail/security-announce/2008/000005.html

Third Party Advisory

CVEs referencing this url
http://www.vupen.com/english/advisories/2008/0637

Broken Link

CVEs referencing this url
http://support.apple.com/kb/HT3438

About the security content of Security Update 2009-001 - Apple Support
Third Party Advisory

CVEs referencing this url
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Mailing List

CVEs referencing this url
http://www.redhat.com/support/errata/RHSA-2008-0629.html

Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/25696

Exploit;Third Party Advisory;VDB Entry
http://www.securityfocus.com/archive/1/488457/100/0/threaded

Third Party Advisory;VDB Entry

CVEs referencing this url
https://issues.rpath.com/browse/RPL-1885

Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml

Third Party Advisory

Products affected by CVE-2007-4965