Lucene search

PRIOn knowledge basePRION:CVE-2007-4965

HistorySep 18, 2007 - 10:17 p.m.

Integer overflow

2007-09-1822:17:00

PRIOn knowledge base

www.prio-n.com

4.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.042 Low

EPSS

Percentile

92.0%

JSON

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

CPENameOperatorVersion
pythonle2.5.1

CPE	Name	Operator	Version
	python	le	2.5.1

References

bugs.gentoo.org/show_bug.cgi?id=192876

docs.info.apple.com/article.html?artnum=307179

lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

lists.vmware.com/pipermail/security-announce/2008/000005.html

secunia.com/advisories/26837

secunia.com/advisories/27460

secunia.com/advisories/27562

secunia.com/advisories/27872

secunia.com/advisories/28136

secunia.com/advisories/28480

secunia.com/advisories/28838

secunia.com/advisories/29032

secunia.com/advisories/29303

secunia.com/advisories/29889

secunia.com/advisories/31255

secunia.com/advisories/31492

secunia.com/advisories/33937

secunia.com/advisories/37471

secunia.com/advisories/38675

support.apple.com/kb/HT3438

support.avaya.com/css/P8/documents/100074697

wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

www.debian.org/security/2008/dsa-1551

www.debian.org/security/2008/dsa-1620

www.gentoo.org/security/en/glsa/glsa-200711-07.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:012

www.mandriva.com/security/advisories?name=MDVSA-2008:013

www.redhat.com/support/errata/RHSA-2007-1076.html

www.redhat.com/support/errata/RHSA-2008-0629.html

www.securityfocus.com/archive/1/487990/100/0/threaded

www.securityfocus.com/archive/1/488457/100/0/threaded

www.securityfocus.com/archive/1/507985/100/0/threaded

www.securityfocus.com/bid/25696

www.ubuntu.com/usn/usn-585-1

www.us-cert.gov/cas/techalerts/TA07-352A.html

www.vmware.com/security/advisories/VMSA-2009-0016.html

www.vupen.com/english/advisories/2007/3201

www.vupen.com/english/advisories/2007/4238

www.vupen.com/english/advisories/2008/0637

www.vupen.com/english/advisories/2009/3316

exchange.xforce.ibmcloud.com/vulnerabilities/36653

issues.rpath.com/browse/RPL-1885

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496

www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

4.6 Medium

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:N/A:P

0.042 Low

EPSS

Percentile

92.0%

JSON

Related for PRION:CVE-2007-4965