CVE-2007-4965 - Vulnerability Details

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Python	Python
Redhat	Enterprise Linux Network Satellite

Configuration 1 [-]

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 3
python-0:2.2.3-6.8	cpe:/o:redhat:enterprise_linux:3	RHSA-2007:1076	2007-12-10T00:00:00Z
Red Hat Enterprise Linux 4
python-0:2.3.4-14.4.el4_6.1	cpe:/o:redhat:enterprise_linux:4	RHSA-2007:1076	2007-12-10T00:00:00Z
Red Hat Enterprise Linux 5
python-0:2.4.3-24.el5_3.6	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:1176	2009-07-27T00:00:00Z
Red Hat Network Satellite Server v 4.2
rhn-solaris-bootstrap-0:5.0.2-3	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0525	2008-06-30T00:00:00Z
rhn_solaris_bootstrap_5_0_2_3-0:1-0	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0525	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
rhn-solaris-bootstrap-0:5.0.2-3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0525	2008-06-30T00:00:00Z
rhn_solaris_bootstrap_5_0_2_3-0:1-0	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0525	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
rhn-solaris-bootstrap-0:5.0.2-3	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0264	2008-05-20T00:00:00Z
rhn_solaris_bootstrap_5_0_2_3-0:1-0	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0264	2008-05-20T00:00:00Z
Red Hat Network Satellite Server v 5.1
rhn-solaris-bootstrap-0:5.1.1-3	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0629	2008-08-13T00:00:00Z
rhn_solaris_bootstrap_5_1_1_3-0:1-0	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0629	2008-08-13T00:00:00Z

References

Link	Providers
http://bugs.gentoo.org/show_bug.cgi?id=192876
http://docs.info.apple.com/article.html?artnum=307179
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html
http://lists.vmware.com/pipermail/security-announce/2008/000005.html
http://secunia.com/advisories/26837
http://secunia.com/advisories/27460
http://secunia.com/advisories/27562
http://secunia.com/advisories/27872
http://secunia.com/advisories/28136
http://secunia.com/advisories/28480
http://secunia.com/advisories/28838
http://secunia.com/advisories/29032
http://secunia.com/advisories/29303
http://secunia.com/advisories/29889
http://secunia.com/advisories/31255
http://secunia.com/advisories/31492
http://secunia.com/advisories/33937
http://secunia.com/advisories/37471
http://secunia.com/advisories/38675
http://support.apple.com/kb/HT3438
http://support.avaya.com/css/P8/documents/100074697
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254
http://www.debian.org/security/2008/dsa-1551
http://www.debian.org/security/2008/dsa-1620
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013
http://www.redhat.com/support/errata/RHSA-2007-1076.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
http://www.securityfocus.com/archive/1/487990/100/0/threaded
http://www.securityfocus.com/archive/1/488457/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/bid/25696
http://www.ubuntu.com/usn/usn-585-1
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2007/3201
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0637
http://www.vupen.com/english/advisories/2009/3316
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653
https://issues.rpath.com/browse/RPL-1885
https://nvd.nist.gov/vuln/detail/CVE-2007-4965
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496
https://www.cve.org/CVERecord?id=CVE-2007-4965
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-18T22:00:00

Updated: 2024-08-07T15:17:27.603Z

Reserved: 2007-09-18T00:00:00

Link: CVE-2007-4965

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-09-18T22:17:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-4965

Redhat

Severity : Moderate

Publid Date: 2007-09-16T00:00:00Z

Links: CVE-2007-4965 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25696"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29889"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4965", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25696"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1551"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=192876", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"name": "http://docs.info.apple.com/article.html?artnum=307179", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"name": "http://support.avaya.com/css/P8/documents/100074697", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"name": "https://issues.rpath.com/browse/RPL-1885", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29889"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.603Z"}, "title": "CVE Program Container", "references": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25696"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29889"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4965", "datePublished": "2007-09-18T22:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "E17596CE-794B-43AF-BD92-CB3C490B3CB4", "versionEndIncluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en el m\u00f3dulo imageop de Python 2.5.1 y anteriores permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente obtener informaci\u00f3n sensible (contenidos de memoria) mediante argumentos manipulados para (1) el m\u00e9todo tovideo, y otros vectores no especificados relacionados con (2) imageop.c, (3) rbgimgmodule.c, y otros archivos, que disparan desbordamientos de b\u00fafer basado en mont\u00edculo."}], "id": "CVE-2007-4965", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-18T22:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26837"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27460"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27562"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27872"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28136"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28480"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28838"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29032"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29303"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29889"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31255"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31492"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33937"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/37471"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/38675"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3438"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/25696"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27460"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27872"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28136"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28480"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28838"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29889"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31255"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31492"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33937"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/37471"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/38675"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3438"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/25696"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2007-10-15T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "python-0:2.2.3-6.8", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "python-0:2.3.4-14.4.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1176", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "python-0:2.4.3-24.el5_3.6", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-27T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0264", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0264", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0629", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn-solaris-bootstrap-0:5.1.1-3", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0629", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn_solaris_bootstrap_5_1_1_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}], "bugzilla": {"description": "python imageop module heap corruption", "id": "295971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295971"}, "csaw": false, "details": ["Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."], "name": "CVE-2007-4965", "public_date": "2007-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4965\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4965"], "statement": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object