ID CVE-2007-4965
Summary Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
References
Vulnerable Configurations
  • cpe:2.3:a:python:python:-:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:-:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:0.9.9:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:0.9.9:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.3.7:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:python:python:2.5.1:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 02-08-2023 - 18:52)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:P
oval via4
  • accepted 2013-04-29T04:08:56.150-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    family unix
    id oval:org.mitre.oval:def:10804
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    version 30
  • accepted 2014-01-20T04:01:39.548-05:00
    class vulnerability
    contributors
    • name Pai Peng
      organization Hewlett-Packard
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    • comment VMware ESX Server 4.0 is installed
      oval oval:org.mitre.oval:def:6293
    description Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    family unix
    id oval:org.mitre.oval:def:8486
    status accepted
    submitted 2010-03-19T16:57:59.000-04:00
    title VMware python integer overflows vulnerability in the imageop module
    version 7
  • accepted 2010-03-01T04:00:29.099-05:00
    class vulnerability
    contributors
    name Pai Peng
    organization Hewlett-Packard
    definition_extensions
    • comment Solaris 10 (SPARC) is installed
      oval oval:org.mitre.oval:def:1440
    • comment Solaris 10 (x86) is installed
      oval oval:org.mitre.oval:def:1926
    description Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
    family unix
    id oval:org.mitre.oval:def:8496
    status accepted
    submitted 2010-01-19T17:52:34.000-05:00
    title Multiple Buffer and Integer Overflow Vulnerabilities in Python (python(1)) May Lead to a Denial of Service (DoS) or Allow Execution of Arbitrary Code
    version 35
redhat via4
advisories
  • bugzilla
    id 383371
    title CVE-2006-7228 pcre integer overflow
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhba:tst:20070304025
      • OR
        • AND
          • comment python is earlier than 0:2.3.4-14.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20071076001
          • comment python is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060197002
        • AND
          • comment python-devel is earlier than 0:2.3.4-14.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20071076003
          • comment python-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060197004
        • AND
          • comment python-docs is earlier than 0:2.3.4-14.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20071076005
          • comment python-docs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060197006
        • AND
          • comment python-tools is earlier than 0:2.3.4-14.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20071076007
          • comment python-tools is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060197008
        • AND
          • comment tkinter is earlier than 0:2.3.4-14.4.el4_6.1
            oval oval:com.redhat.rhsa:tst:20071076009
          • comment tkinter is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20060197010
    rhsa
    id RHSA-2007:1076
    released 2007-12-10
    severity Moderate
    title RHSA-2007:1076: python security update (Moderate)
  • rhsa
    id RHSA-2008:0629
rpms
  • python-0:2.2.3-6.8
  • python-0:2.3.4-14.4.el4_6.1
  • python-debuginfo-0:2.2.3-6.8
  • python-debuginfo-0:2.3.4-14.4.el4_6.1
  • python-devel-0:2.2.3-6.8
  • python-devel-0:2.3.4-14.4.el4_6.1
  • python-docs-0:2.3.4-14.4.el4_6.1
  • python-tools-0:2.2.3-6.8
  • python-tools-0:2.3.4-14.4.el4_6.1
  • tkinter-0:2.2.3-6.8
  • tkinter-0:2.3.4-14.4.el4_6.1
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.0.2-3
  • rhn_solaris_bootstrap_5_0_2_3-0:1-0
  • rhn-solaris-bootstrap-0:5.1.1-3
  • rhn_solaris_bootstrap_5_1_1_3-0:1-0
  • python-0:2.4.3-24.el5_3.6
  • python-debuginfo-0:2.4.3-24.el5_3.6
  • python-devel-0:2.4.3-24.el5_3.6
  • python-tools-0:2.4.3-24.el5_3.6
  • tkinter-0:2.4.3-24.el5_3.6
refmap via4
apple
  • APPLE-SA-2007-12-17
  • APPLE-SA-2009-02-12
bid 25696
bugtraq
  • 20080212 FLEA-2008-0002-1 python
  • 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
  • 20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components
cert TA07-352A
confirm
debian
  • DSA-1551
  • DSA-1620
fedora FEDORA-2007-2663
fulldisc 20070916 python <= 2.5.1 standart librairy multiples int overflow, heap overflow in imageop module
gentoo GLSA-200711-07
mandriva
  • MDVSA-2008:012
  • MDVSA-2008:013
mlist [Security-announce] 20080221 VMSA-2008-0003 Moderate: Updated aacraid driver and samba and python service console updates
secunia
  • 26837
  • 27460
  • 27562
  • 27872
  • 28136
  • 28480
  • 28838
  • 29032
  • 29303
  • 29889
  • 31255
  • 31492
  • 33937
  • 37471
  • 38675
suse SUSE-SR:2008:003
ubuntu USN-585-1
vupen
  • ADV-2007-3201
  • ADV-2007-4238
  • ADV-2008-0637
  • ADV-2009-3316
xf python-imageop-bo(36653)
statements via4
contributor Joshua Bressers
lastmodified 2007-10-15
organization Red Hat
statement Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971 The Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: http://www.redhat.com/security/updates/classification/
Last major update 02-08-2023 - 18:52
Published 18-09-2007 - 22:17
Last modified 02-08-2023 - 18:52
Back to Top