{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-16T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25696"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29889"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4965", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25696"}, {"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1551"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "refsource": "FULLDISC", "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"name": "http://bugs.gentoo.org/show_bug.cgi?id=192876", "refsource": "CONFIRM", "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"name": "http://docs.info.apple.com/article.html?artnum=307179", "refsource": "CONFIRM", "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"name": "http://support.avaya.com/css/P8/documents/100074697", "refsource": "CONFIRM", "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"name": "https://issues.rpath.com/browse/RPL-1885", "refsource": "CONFIRM", "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29889"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:17:27.603Z"}, "title": "CVE Program Container", "references": [{"name": "[Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"name": "25696", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25696"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"name": "ADV-2007-4238", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"name": "38675", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38675"}, {"name": "TA07-352A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"name": "oval:org.mitre.oval:def:8496", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"name": "33937", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33937"}, {"name": "28136", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28136"}, {"name": "37471", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/37471"}, {"name": "27460", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27460"}, {"name": "28480", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28480"}, {"name": "26837", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26837"}, {"name": "ADV-2007-3201", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"name": "DSA-1551", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"name": "29303", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29303"}, {"name": "oval:org.mitre.oval:def:8486", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT3438"}, {"name": "APPLE-SA-2009-02-12", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"name": "27872", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27872"}, {"name": "29032", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29032"}, {"name": "31492", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31492"}, {"name": "FEDORA-2007-2663", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}, {"name": "oval:org.mitre.oval:def:10804", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"name": "RHSA-2008:0629", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"name": "20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"name": "20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"name": "APPLE-SA-2007-12-17", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"name": "RHSA-2007:1076", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"name": "ADV-2008-0637", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"name": "python-imageop-bo(36653)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"name": "27562", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/27562"}, {"name": "USN-585-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"name": "GLSA-200711-07", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"name": "MDVSA-2008:012", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"name": "31255", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31255"}, {"name": "20080212 FLEA-2008-0002-1 python", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"name": "MDVSA-2008:013", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"name": "DSA-1620", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"name": "28838", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28838"}, {"name": "SUSE-SR:2008:003", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"name": "ADV-2009-3316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"name": "29889", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29889"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4965", "datePublished": "2007-09-18T22:00:00", "dateReserved": "2007-09-18T00:00:00", "dateUpdated": "2024-08-07T15:17:27.603Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "E17596CE-794B-43AF-BD92-CB3C490B3CB4", "versionEndIncluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en el m\u00f3dulo imageop de Python 2.5.1 y anteriores permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente obtener informaci\u00f3n sensible (contenidos de memoria) mediante argumentos manipulados para (1) el m\u00e9todo tovideo, y otros vectores no especificados relacionados con (2) imageop.c, (3) rbgimgmodule.c, y otros archivos, que disparan desbordamientos de b\u00fafer basado en mont\u00edculo."}], "id": "CVE-2007-4965", "lastModified": "2023-08-02T18:52:26.423", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-09-18T22:17:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=192876"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://docs.info.apple.com/article.html?artnum=307179"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/26837"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27460"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27562"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/27872"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28136"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28480"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/28838"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29032"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29303"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/29889"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31255"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/31492"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/33937"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/37471"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/38675"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.apple.com/kb/HT3438"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/css/P8/documents/100074697"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1551"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2008/dsa-1620"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/25696"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-585-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/3201"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2007/4238"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2008/0637"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.vupen.com/english/advisories/2009/3316"}, {"source": "cve@mitre.org", "tags": ["VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://issues.rpath.com/browse/RPL-1885"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2007-10-15T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "python-0:2.2.3-6.8", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2007:1076", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "python-0:2.3.4-14.4.el4_6.1", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2007-12-10T00:00:00Z"}, {"advisory": "RHSA-2009:1176", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "python-0:2.4.3-24.el5_3.6", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2009-07-27T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0525", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0264", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-solaris-bootstrap-0:5.0.2-3", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0264", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn_solaris_bootstrap_5_0_2_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0629", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn-solaris-bootstrap-0:5.1.1-3", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0629", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn_solaris_bootstrap_5_1_1_3-0:1-0", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}], "bugzilla": {"description": "python imageop module heap corruption", "id": "295971", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=295971"}, "csaw": false, "details": ["Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."], "name": "CVE-2007-4965", "public_date": "2007-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2007-4965\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4965"], "statement": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "threat_severity": "Moderate", "upstream_fix": "2.5 14.fc7"}