Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2007-4965

Published: 18/09/2007 Updated: 02/08/2023
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 585
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
Subscribe to Python

Vulnerability Summary

Multiple integer overflows in the imageop module in Python 2.5.1 and previous versions allow context-dependent malicious users to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Vulnerable Product Search on Vulmon Subscribe to Product

python python

Vendor Advisories

Red Hat: Moderate: python security update
Synopsis Moderate: python security update Type/Severity Security Advisory: Moderate Topic Updated python packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team Des ...
Ubuntu Security Notice: python2.4⁄2.5 vulnerabilities
Piotr Engelking discovered that strxfrm in Python was not correctly calculating the size of the destination buffer This could lead to small information leaks, which might be used by attackers to gain additional knowledge about the state of a running Python script (CVE-2007-2052) ...
Debian Security Advisories: DSA-1620-1 python2.5 -- several vulnerabilities
Several vulnerabilities have been discovered in the interpreter for the Python language The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-2052 Piotr Engelking discovered that the strxfrm() function of the locale module miscalculates the length of an internal buffer, which may result in a mino ...

Exploits

Exploit DB: Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
source: wwwsecurityfocuscom/bid/25696/info Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow To successfully exploit these issues, an attacker must be able to control the arguments to imageop functi ...

References

CWE-190http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.htmlhttp://www.securityfocus.com/bid/25696http://bugs.gentoo.org/show_bug.cgi?id=192876https://issues.rpath.com/browse/RPL-1885https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200711-07.xmlhttp://www.redhat.com/support/errata/RHSA-2007-1076.htmlhttp://secunia.com/advisories/26837http://secunia.com/advisories/27460http://secunia.com/advisories/27562http://secunia.com/advisories/27872http://docs.info.apple.com/article.html?artnum=307179http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://secunia.com/advisories/28136http://www.mandriva.com/security/advisories?name=MDVSA-2008:012http://www.mandriva.com/security/advisories?name=MDVSA-2008:013http://secunia.com/advisories/28480http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlhttp://secunia.com/advisories/28838http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254http://lists.vmware.com/pipermail/security-announce/2008/000005.htmlhttp://secunia.com/advisories/29032http://www.ubuntu.com/usn/usn-585-1http://secunia.com/advisories/29303http://www.debian.org/security/2008/dsa-1551http://secunia.com/advisories/29889http://www.debian.org/security/2008/dsa-1620http://secunia.com/advisories/31255http://secunia.com/advisories/31492http://www.redhat.com/support/errata/RHSA-2008-0629.htmlhttp://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlhttp://secunia.com/advisories/33937http://support.apple.com/kb/HT3438http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlhttp://www.vupen.com/english/advisories/2009/3316http://secunia.com/advisories/37471http://support.avaya.com/css/P8/documents/100074697http://secunia.com/advisories/38675http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2008/0637http://www.vupen.com/english/advisories/2007/3201https://exchange.xforce.ibmcloud.com/vulnerabilities/36653https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804http://www.securityfocus.com/archive/1/507985/100/0/threadedhttp://www.securityfocus.com/archive/1/488457/100/0/threadedhttp://www.securityfocus.com/archive/1/487990/100/0/threadedhttps://access.redhat.com/errata/RHSA-2009:1176https://usn.ubuntu.com/585-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/30592/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook