Lucene search

[email protected]NVD:CVE-2007-4965

HistorySep 18, 2007 - 10:17 p.m.

CVE-2007-4965

2007-09-1822:17:00

CWE-190

[email protected]

web.nvd.nist.gov

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

7.5

Confidence

High

EPSS

0.062

Percentile

93.6%

JSON

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Affected configurations

Nvd

Node

pythonpythonRange≤2.5.1

VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python	python	*	cpe:2.3:a:python:python::::::::

References

bugs.gentoo.org/show_bug.cgi?id=192876

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

lists.vmware.com/pipermail/security-announce/2008/000005.html

secunia.com/advisories/26837

secunia.com/advisories/27460

secunia.com/advisories/27562

secunia.com/advisories/27872

secunia.com/advisories/28136

secunia.com/advisories/28480

secunia.com/advisories/28838

secunia.com/advisories/29032

secunia.com/advisories/29303

secunia.com/advisories/29889

secunia.com/advisories/31255

secunia.com/advisories/31492

secunia.com/advisories/33937

secunia.com/advisories/37471

secunia.com/advisories/38675

support.apple.com/kb/HT3438

support.avaya.com/css/P8/documents/100074697

wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

www.debian.org/security/2008/dsa-1551

www.debian.org/security/2008/dsa-1620

www.gentoo.org/security/en/glsa/glsa-200711-07.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:012

www.mandriva.com/security/advisories?name=MDVSA-2008:013

www.redhat.com/support/errata/RHSA-2007-1076.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/487990/100/0/threaded

www.securityfocus.com/archive/1/488457/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/25696

www.ubuntu.com/usn/usn-585-1

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2007/3201

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0637

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/36653

issues.rpath.com/browse/RPL-1885

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496

www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

AI Score

7.5

Confidence

High

EPSS

0.062

Percentile

93.6%

JSON

Related for NVD:CVE-2007-4965

gentoo2 fedora1 openvas39 nessus29 veracode1 cvelist3 prion3 ubuntucve6 exploitdb1 cve3 ubuntu1 nvd2 redhat5 centos2 oraclelinux2 osv2 vmware4 debian2