Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
References
Link Providers
http://bugs.gentoo.org/show_bug.cgi?id=192876 cve-icon cve-icon
http://docs.info.apple.com/article.html?artnum=307179 cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html cve-icon cve-icon
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html cve-icon cve-icon
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2008/000005.html cve-icon cve-icon
http://secunia.com/advisories/26837 cve-icon cve-icon
http://secunia.com/advisories/27460 cve-icon cve-icon
http://secunia.com/advisories/27562 cve-icon cve-icon
http://secunia.com/advisories/27872 cve-icon cve-icon
http://secunia.com/advisories/28136 cve-icon cve-icon
http://secunia.com/advisories/28480 cve-icon cve-icon
http://secunia.com/advisories/28838 cve-icon cve-icon
http://secunia.com/advisories/29032 cve-icon cve-icon
http://secunia.com/advisories/29303 cve-icon cve-icon
http://secunia.com/advisories/29889 cve-icon cve-icon
http://secunia.com/advisories/31255 cve-icon cve-icon
http://secunia.com/advisories/31492 cve-icon cve-icon
http://secunia.com/advisories/33937 cve-icon cve-icon
http://secunia.com/advisories/37471 cve-icon cve-icon
http://secunia.com/advisories/38675 cve-icon cve-icon
http://support.apple.com/kb/HT3438 cve-icon cve-icon
http://support.avaya.com/css/P8/documents/100074697 cve-icon cve-icon
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1551 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1620 cve-icon cve-icon
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2007-1076.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2008-0629.html cve-icon cve-icon
http://www.securityfocus.com/archive/1/487990/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/488457/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/archive/1/507985/100/0/threaded cve-icon cve-icon
http://www.securityfocus.com/bid/25696 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-585-1 cve-icon cve-icon
http://www.us-cert.gov/cas/techalerts/TA07-352A.html cve-icon cve-icon
http://www.vmware.com/security/advisories/VMSA-2009-0016.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/3201 cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/4238 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0637 cve-icon cve-icon
http://www.vupen.com/english/advisories/2009/3316 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 cve-icon cve-icon
https://issues.rpath.com/browse/RPL-1885 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2007-4965 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2007-4965 cve-icon
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-09-18T22:00:00

Updated: 2024-08-07T15:17:27.603Z

Reserved: 2007-09-18T00:00:00

Link: CVE-2007-4965

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2007-09-18T22:17:00.000

Modified: 2024-11-21T00:36:49.907

Link: CVE-2007-4965

cve-icon Redhat

Severity : Moderate

Publid Date: 2007-09-16T00:00:00Z

Links: CVE-2007-4965 - Bugzilla