CVE-2007-4965


General

Score: 5.8/10.0
Severity: Medium
Category: Numeric Error
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: None
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Related vulnerabilities

CVE-2006-0024, CVE-2006-1861, CVE-2006-3467, CVE-2006-7228, CVE-2007-1218, CVE-2007-1351, CVE-2007-1352, CVE-2007-1659, CVE-2007-1660, CVE-2007-1661, CVE-2007-1662, CVE-2007-1667, CVE-2007-2052, CVE-2007-3798, CVE-2007-3876, CVE-2007-4131, CVE-2007-4138, CVE-2007-4308, CVE-2007-4351, CVE-2007-4565, CVE-2007-4572, CVE-2007-4708, CVE-2007-4709, CVE-2007-4710, CVE-2007-4766, CVE-2007-4767, CVE-2007-4768, CVE-2007-5116, CVE-2007-5333, CVE-2007-5342, CVE-2007-5379, CVE-2007-5380, CVE-2007-5398, CVE-2007-5461, CVE-2007-5476, CVE-2007-5770, CVE-2007-5847, CVE-2007-5848, CVE-2007-5849, CVE-2007-5850, CVE-2007-5851, CVE-2007-5853, CVE-2007-5854, CVE-2007-5855, CVE-2007-5856, CVE-2007-5857, CVE-2007-5858, CVE-2007-5859, CVE-2007-5860, CVE-2007-5861, CVE-2007-5863, CVE-2007-5966, CVE-2007-6015, CVE-2007-6077, CVE-2007-6165, CVE-2007-6286, CVE-2008-0002, CVE-2008-1232, CVE-2008-1377, CVE-2008-1379, CVE-2008-1679, CVE-2008-1721, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-1887, CVE-2008-1927, CVE-2008-1947, CVE-2008-2315, CVE-2008-2316, CVE-2008-2360, CVE-2008-2361, CVE-2008-2362, CVE-2008-2370, CVE-2008-2379, CVE-2008-2711, CVE-2008-3142, CVE-2008-3143, CVE-2008-3144, CVE-2008-3528, CVE-2008-3663, CVE-2008-4307, CVE-2008-4864, CVE-2008-5031, CVE-2008-5050, CVE-2008-5183, CVE-2008-5314, CVE-2008-5515, CVE-2008-5700, CVE-2009-0009, CVE-2009-0011, CVE-2009-0012, CVE-2009-0013, CVE-2009-0014, CVE-2009-0015, CVE-2009-0017, CVE-2009-0018, CVE-2009-0019, CVE-2009-0020, CVE-2009-0028, CVE-2009-0033, CVE-2009-0137, CVE-2009-0138, CVE-2009-0139, CVE-2009-0140, CVE-2009-0141, CVE-2009-0142, CVE-2009-0159, CVE-2009-0269, CVE-2009-0322, CVE-2009-0580, CVE-2009-0675, CVE-2009-0676, CVE-2009-0696, CVE-2009-0745, CVE-2009-0746, CVE-2009-0747, CVE-2009-0748, CVE-2009-0778, CVE-2009-0781, CVE-2009-0783, CVE-2009-0787, CVE-2009-0834, CVE-2009-1072, CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, 
CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, CVE-2009-1107, CVE-2009-1192, CVE-2009-1252, CVE-2009-1336, CVE-2009-1337, CVE-2009-1385, CVE-2009-1388, CVE-2009-1389, CVE-2009-1439, CVE-2009-1630, CVE-2009-1633, CVE-2009-1895, CVE-2009-2406, CVE-2009-2407, CVE-2009-2414, CVE-2009-2416, CVE-2009-2417, CVE-2009-2625, CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2675, CVE-2009-2676, CVE-2009-2692, CVE-2009-2698, CVE-2009-2716, CVE-2009-2718, CVE-2009-2719, CVE-2009-2720, CVE-2009-2721, CVE-2009-2722, CVE-2009-2723, CVE-2009-2724, CVE-2009-2730, CVE-2009-2847, CVE-2009-2848

Published on 19/09/07 - Updated on 15/10/18

Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Category: Numeric Error

CWE-189 (Numeric Errors)
Weaknesses in this category are related to improper calculation or conversion of numbers.

Security Notices

US National Vulnerability Database CVE-2007-4965
Agence Nationale de la Sécurité des Systèmes d'Information CERTA-2007-AVI-551, CERTA-2008-AVI-018, CERTA-2008-AVI-103, CERTA-2009-AVI-068, CERTA-2009-AVI-513
CentOS CESA-2009:1176
Redhat RHSA-2009:1176
Renater 2007/VULN426, 2007/VULN522, 2008/VULN068, 2009/VULN046, 2009/VULN470, 2009/VULN504, 2010/VULN104

Exploits

Exploit-DB EDB-30592
SecurityFocus BID-25696

Related technologies

Vendor: python_software_foundation
Product: python
