CVE-2007-4965

{"id": "CVE-2007-4965", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-09-18T22:17:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=192876", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://docs.info.apple.com/article.html?artnum=307179", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html", "tags": ["Mailing List"], "source": "cve@mitre.org"}, {"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2008/000005.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/26837", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27460", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27562", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/27872", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28136", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28480", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/28838", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29032", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29303", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29889", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31255", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31492", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33937", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/37471", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/38675", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://support.apple.com/kb/HT3438", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://support.avaya.com/css/P8/documents/100074697", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1551", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1620", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:012", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:013", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-1076.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/487990/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/488457/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/25696", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "http://www.ubuntu.com/usn/usn-585-1", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/3201", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/4238", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/0637", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/3316", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36653", "tags": ["VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://issues.rpath.com/browse/RPL-1885", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en el m\u00f3dulo imageop de Python 2.5.1 y anteriores permiten a atacantes locales o remotos (dependiendo del contexto) provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) y posiblemente obtener informaci\u00f3n sensible (contenidos de memoria) mediante argumentos manipulados para (1) el m\u00e9todo tovideo, y otros vectores no especificados relacionados con (2) imageop.c, (3) rbgimgmodule.c, y otros archivos, que disparan desbordamientos de b\u00fafer basado en mont\u00edculo."}], "lastModified": "2023-08-02T18:52:26.423", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E17596CE-794B-43AF-BD92-CB3C490B3CB4", "versionEndIncluding": "2.5.1"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/\n", "lastModified": "2007-10-15T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cve@mitre.org"}