CVE-2007-4965

Publication date 18 September 2007

Last updated 24 July 2024

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
python2.2	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Ignored
python2.3	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.10 edgy	Not in release
	6.06 LTS dapper	Ignored
python2.4	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 2.4.4-6ubuntu4.1
	7.04 feisty	Fixed 2.4.4-2ubuntu7.1
	6.10 edgy	Fixed 2.4.4~c1-0ubuntu1.1
	6.06 LTS dapper	Fixed 2.4.3-0ubuntu6.1
python2.5	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Not affected
	8.04 LTS hardy	Not affected
	7.10 gutsy	Fixed 2.5.1-5ubuntu5.1
	7.04 feisty	Fixed 2.5.1-0ubuntu1.1
	6.10 edgy	Fixed 2.5-2ubuntu2.1
	6.06 LTS dapper	Not in release

Notes

jdstrand

bug report has debdiffs

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
python2.5	Debdiff: https://bugs.launchpad.net/ubuntu/gutsy/+source/python2.5/+bug/163845

CVE-2007-4965

Status

Notes

jdstrand

Patch details

References

Related Ubuntu Security Notices (USN)

Other references