Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Remediation

References

CVE-2007-4965

Related Vulnerabilities

Oracle Application Server Other Vulnerability (CVE-2001-1217)

MediaWiki Missing Authentication for Critical Function Vulnerability (CVE-2019-12468)

WordPress Plugin Post SMTP-WP SMTP with Email Logs & Mobile App for Failure Alerts-Any SMTP Plus Gmail SMTP, Office 365, Brevo, Mailgun, Amazon SES, Postmark SQL Injection (2.8.6)

PHP version older than 5.2.5

WordPress Plugin Pym.js Embeds Cross-Site Scripting (1.3.2)

Severity

Medium

Classification

CVE-2007-4965 CWE-190

Tags

Missing Update Known Vulnerabilities