5.8

CVE-2007-4965

Exploit

EPSS 4.81%
Published 18.09.2007 22:17:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Affected products Warnungen 0 Metrics 2 CWE 1 References 52

Data is provided by the National Vulnerability Database (NVD)

Python ≫ Python Version <= 2.5.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.81%	0.891

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

http://secunia.com/advisories/31492

Broken Link

http://www.redhat.com/support/errata/RHSA-2008-0629.html

Third Party Advisory

http://docs.info.apple.com/article.html?artnum=307179

Third Party Advisory

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Mailing List

http://secunia.com/advisories/28136

Broken Link

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Third Party Advisory

US Government Resource

http://www.vupen.com/english/advisories/2007/4238

Broken Link

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Mailing List

http://secunia.com/advisories/33937

Broken Link

http://support.apple.com/kb/HT3438

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

Third Party Advisory

http://secunia.com/advisories/28838

Broken Link

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

Third Party Advisory

http://secunia.com/advisories/29032

Broken Link

http://secunia.com/advisories/29303

Broken Link

http://secunia.com/advisories/29889

Broken Link

http://secunia.com/advisories/31255

Broken Link

http://secunia.com/advisories/37471

Broken Link

http://www.debian.org/security/2008/dsa-1551

Third Party Advisory

http://www.debian.org/security/2008/dsa-1620

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2007-1076.html

Third Party Advisory

http://www.securityfocus.com/archive/1/488457/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Third Party Advisory

VDB Entry

http://www.ubuntu.com/usn/usn-585-1

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Third Party Advisory

http://www.vupen.com/english/advisories/2008/0637

Broken Link

http://www.vupen.com/english/advisories/2009/3316

Broken Link

http://bugs.gentoo.org/show_bug.cgi?id=192876

Third Party Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

Exploit

http://secunia.com/advisories/26837

Broken Link

http://secunia.com/advisories/27460

Broken Link

http://secunia.com/advisories/27562

Broken Link

http://secunia.com/advisories/27872

Broken Link

http://secunia.com/advisories/28480

Broken Link

http://secunia.com/advisories/38675

Broken Link

http://support.avaya.com/css/P8/documents/100074697

Third Party Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

Third Party Advisory

http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2008:012

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2008:013

Broken Link

http://www.securityfocus.com/archive/1/487990/100/0/threaded

Third Party Advisory

VDB Entry

http://www.securityfocus.com/bid/25696

Third Party Advisory

Exploit

VDB Entry

http://www.vupen.com/english/advisories/2007/3201

Broken Link

https://exchange.xforce.ibmcloud.com/vulnerabilities/36653

VDB Entry

https://issues.rpath.com/browse/RPL-1885

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496

Broken Link

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2007-4965

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2007-4965

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2007-4965

EUVD