CVE-2007-4965
Published: 18 September 2007
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.
Notes
Author | Note |
---|---|
jdstrand | bug report has debdiffs |
Priority
Status
Package | Release | Status |
---|---|---|
python2.2 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
python2.3 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
python2.4 Launchpad, Ubuntu, Debian |
dapper |
Released
(2.4.3-0ubuntu6.1)
|
edgy |
Released
(2.4.4~c1-0ubuntu1.1)
|
|
feisty |
Released
(2.4.4-2ubuntu7.1)
|
|
gutsy |
Released
(2.4.4-6ubuntu4.1)
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
python2.5 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Released
(2.5-2ubuntu2.1)
|
|
feisty |
Released
(2.5.1-0ubuntu1.1)
|
|
gutsy |
Released
(2.5.1-5ubuntu5.1)
|
|
hardy |
Not vulnerable
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|
|
Patches: debdiff: https://bugs.launchpad.net/ubuntu/gutsy/+source/python2.5/+bug/163845 |