CVE-2007-4965 Information

Feb 14, 2021 cve

Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method and unspecified other vectors related to (2) imageop.c (3) rbgimgmodule.c and other files which trigger heap-based buffer overflows.

Reference

http://bugs.gentoo.org/show_bug.cgi?id=192876 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html http://lists.vmware.com/pipermail/security-announce/2008/000005.html http://secunia.com/advisories/26837 http://secunia.com/advisories/27460 http://secunia.com/advisories/27562 http://secunia.com/advisories/27872 http://secunia.com/advisories/28136 http://secunia.com/advisories/28480 http://secunia.com/advisories/28838 http://secunia.com/advisories/29032 http://secunia.com/advisories/29303 http://secunia.com/advisories/29889 http://secunia.com/advisories/31255 http://secunia.com/advisories/31492 http://secunia.com/advisories/33937 http://secunia.com/advisories/37471 http://secunia.com/advisories/38675 http://support.apple.com/kb/HT3438 http://support.avaya.com/css/P8/documents/100074697 http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 http://www.debian.org/security/2008/dsa-1551 http://www.debian.org/security/2008/dsa-1620 http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 http://www.redhat.com/support/errata/RHSA-2007-1076.html http://www.redhat.com/support/errata/RHSA-2008-0629.html http://www.securityfocus.com/archive/1/487990/100/0/threaded http://www.securityfocus.com/archive/1/488457/100/0/threaded http://www.securityfocus.com/archive/1/507985/100/0/threaded http://www.securityfocus.com/bid/25696 http://www.ubuntu.com/usn/usn-585-1 http://www.us-cert.gov/cas/techalerts/TA07-352A.html http://www.vmware.com/security/advisories/VMSA-2009-0016.html http://www.vupen.com/english/advisories/2007/3201 http://www.vupen.com/english/advisories/2007/4238 http://www.vupen.com/english/advisories/2008/0637 http://www.vupen.com/english/advisories/2009/3316 https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 https://issues.rpath.com/browse/RPL-1885 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10804 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8486 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8496 https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

Share on: