CVE-2007-4965
Published 2007-09-18
CVE-2007-4965: Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash)…
Priority P4 · 32 · medium · 5.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P
EXPLOIT
EPSS: 12.49% (95.7th percentile)
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| python | python | < 2.5.3 | 2.5.3 |
| python | python | <= 2.5.1 | — |
| python | python | >= 1.5.2 < 2.4.6 | 2.4.6 |
| python | python | >= 2.5.0 < 2.5.3 | 2.5.3 |
| vmware | esxi | — | — |
| vmware | vmware_tools | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vmware_workstation | — | — |
CVSS provenance
nvd · v2.0 · 5.8 MEDIUM · AV:N/AC:M/Au:N/C:P/I:N/A:P
vendor_redhat · 5.8 MEDIUM
vendor_ubuntu · 5.0 MEDIUM
GHSA
GHSA-46cx-9569-w574: Multiple integer overflows in imageop
ghsa_unreviewed·2022-05-14·CVSS 5.8
CVE-2008-4864 [MEDIUM] CWE-190 GHSA-46cx-9569-w574: Multiple integer overflows in imageop
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
GHSA
GHSA-v4w5-5ggg-69xc: Multiple integer overflows in imageop
ghsa_unreviewed·2022-05-01·CVSS 5.8
CVE-2008-1679 [MEDIUM] CWE-190 GHSA-v4w5-5ggg-69xc: Multiple integer overflows in imageop
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
GHSA
GHSA-m9f3-5w45-2j8h: Multiple integer overflows in the imageop module in Python 2
ghsa_unreviewed·2022-05-01
CVE-2007-4965 [MEDIUM] CWE-190 GHSA-m9f3-5w45-2j8h: Multiple integer overflows in the imageop module in Python 2
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
VMware
VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
vendor_vmware·2009-11-20·CVSS 5.0
CVE-2007-2052 [MEDIUM] VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
VMSA-2009-0016: VMware vCenter and ESX update release and vMA patch release address multiple security issues in third party components.
a. JRE Security Update JRE update to version 1.5.0_20, which addresses multiple security issues that existed in earlier releases of JRE. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_18: CVE-2009-1093, CVE-2009-1094, CVE-2009-1095, CVE-2009-1096, CVE-2009-1097, CVE-2009-1098, CVE-2009-1099, CVE-2009-1100, CVE-2009-1101, CVE-2009-1102, CVE-2009-1103, CVE-2009-1104, CVE-2009-1105, CVE-2009-1106, and CVE-2009-1107. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the following names to the security issues fixed in JRE 1.5.0_20: CVE-2009-
Red Hat
python: imageop module multiple integer overflows
vendor_redhat·2008-10-19·CVSS 5.8
CVE-2008-4864 [MEDIUM] CWE-190 python: imageop module multiple integer overflows
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
Red Hat
python: imageop module integer overflows
vendor_redhat·2008-03-29·CVSS 5.8
CVE-2008-1679 [MEDIUM] CWE-190 python: imageop module integer overflows
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
Ubuntu
Python vulnerabilities
vendor_ubuntu·2008-03-11·CVSS 5.0
CVE-2007-2052 [MEDIUM] Python vulnerabilities
Title: Python vulnerabilities
Summary: Python vulnerabilities
Piotr Engelking discovered that strxfrm in Python was not correctly
calculating the size of the destination buffer. This could lead to small
information leaks, which might be used by attackers to gain additional
knowledge about the state of a running Python script. (CVE-2007-2052)
A flaw was discovered in the Python imageop module. If a script using
the module could be tricked into processing a specially crafted set of
arguments, a remote attacker could execute arbitrary code, or cause the
application to crash. (CVE-2007-4965)
Instructions: After a standard system upgrade you need to reboot your computer to
effect the necessary changes.
Red Hat
python imageop module heap corruption
vendor_redhat·2007-09-16·CVSS 5.8
CVE-2007-4965 [MEDIUM] python imageop module heap corruption
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Statement: Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971
The Red Hat Product Security has rated this issue as having low security impact; a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/secu
Red Hat
CVE-2007-5045: Argument injection vulnerability in Apple QuickTime 7
vendor_redhat·CVSS 5.0
CVE-2007-5045 [MEDIUM] CVE-2007-5045: Argument injection vulnerability in Apple QuickTime 7
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter containing the Firefox "-chrome" argument. NOTE: this is a related issue to CVE-2006-4965 and the result of an incomplete fix for CVE-2007-3670.
Statement: Not vulnerable. These issues did not affect the versions of Firefox as shipped with Red Hat Enterprise Linux.
No detection rules found.
Exploit-DB
Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
exploitdb·2007-09-17
CVE-2007-4965 Python 2.2 ImageOP Module - Multiple Integer Overflow Vulnerabilities
---
source: https://www.securityfocus.com/bid/25696/info
Python's imageop module is prone to multiple integer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input to ensure that integer operations do not overflow.
To successfully exploit these issues, an attacker must be able to control the arguments to imageop functions. Remote attackers may be able to do this, depending on the nature of applications that use the vulnerable functions.
Attackers would likely submit invalid or specially crafted images to applications that perform imageop operations on the data.
A successful exploit may allow attacker-supplied machine code to run in the context of affected applications, facilitating
Exploit-DB
Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
exploitdb·2006-09-21
CVE-2006-4965 Apple QuickTime 7.1.3 PlugIn - Arbitrary Script Execution
---
source: https://www.securityfocus.com/bid/20138/info
Apple QuickTime plug-in is prone to an arbitrary-script-execution weakness when executing QuickTime Media Link files (.qtl).
An attacker can exploit this issue to execute arbitrary script code in the context of the affected application and load local content in a user's browser. Although this weakness doesn't pose any direct security threat by itself, an attacker may use it to aid in further attacks.
QuickTime 7.1.3 is vulnerable; other versions may also be affected.
#!/usr/bin/ruby
#
# (c) 2006 LMH
# Original scripting and POC by Aviv Raff (http://aviv.raffon.net).
#
# Description:
# Exploit for MOAB-03-01-2007. If argument 'serve' is passed, it uses port 21 for running
Bugzilla
CVE-2008-4864 python: imageop module multiple integer overflows
bugzilla·2008-11-03·CVSS 5.8
CVE-2008-4864 [MEDIUM] CVE-2008-4864 python: imageop module multiple integer overflows
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-4864 to the following vulnerability:
Multiple integer overflows in imageop.c in the imageop module in
Python 1.5.2 through 2.5.1 allow context-dependent attackers to break
out of the Python VM and execute arbitrary code via large integer
values in certain arguments to the crop function, leading to a buffer
overflow, a different vulnerability than CVE-2007-4965 and
CVE-2008-1679.
References:
http://scary.beasts.org/security/CESA-2008-008.html
http://svn.python.org/view?rev=66689&view=rev
http://www.securityfocus.com/bid/31976
http://www.openwall.com/lists/oss-security/2008/10/27/2
http://www.openwall.com/lists/oss-security/2008/10/29/3
Discussion:
The Red
Bugzilla
CVE-2008-1679 python: imageop module integer overflows
bugzilla·2008-04-07·CVSS 5.8
CVE-2008-1679 [MEDIUM] CVE-2008-1679 python: imageop module integer overflows
David Remahl of Apple reported that the patch used to address multiple integer
overflows in Python's imageop module (CVE-2007-4965) did not completely address
all overflow cases.
Additional test cases were provided as an additional comment:
http://bugs.python.org/msg64682
in upstream bug report used to track CVE-2007-4965:
http://bugs.python.org/issue1179
Red Hat bug used to track CVE-2007-4965: bug #295971
Acknowledgements:
Red Hat would like to thank David Remahl of the Apple Product Security team
for responsibly reporting these issues.
Discussion:
Patch to address this issue in upstream bug report:
http://bugs.python.org/file9975/python-2.5-int-overflow-2.patch
---
The Red Hat Security Response Team has rated this issue a
Bugzilla
CVE-2007-4965 python imageop module heap corruption
bugzilla·2007-09-19·CVSS 5.8
CVE-2007-4965 [MEDIUM] CVE-2007-4965 python imageop module heap corruption
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4965 to the following vulnerability:
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier
allow context-dependent attackers to cause a denial of service (application
crash) and possibly obtain sensitive information (memory contents) via crafted
arguments to (1) the tovideo method, and unspecified other vectors related to
(2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based
buffer overflows.
References:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html
http://www.securityfocus.com/bid/25696
Upstream bug report for the issue:
http://bugs.python.org/issue1179
Discussion:
Created attachment 200