CVE-2007-4965

Name: CVE-2007-4965
Creator: NVD / NIST
Published: 2007-09-18T22:17:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.49%

Last modified Jun 16, 2026

CVE-2007-4965 is a vulnerability of currently unknown severity. Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.. EPSS estimates a 12.49% chance of exploitation in the next 30 days.

Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Metrics

EPSS Probability

12.49%

95.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-190

Affected Software

Vendor	Product	Versions
Python	Python	<= 2.5.1

References

http://bugs.gentoo.org/show_bug.cgi?id=192876Third Party Advisory
http://docs.info.apple.com/article.html?artnum=307179Third Party Advisory
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlMailing List
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing List
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.htmlExploit
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000005.htmlThird Party Advisory
http://secunia.com/advisories/26837Broken Link
http://secunia.com/advisories/27460Broken Link
http://secunia.com/advisories/27562Broken Link
http://secunia.com/advisories/27872Broken Link
http://secunia.com/advisories/28136Broken Link
http://secunia.com/advisories/28480Broken Link
http://secunia.com/advisories/28838Broken Link
http://secunia.com/advisories/29032Broken Link
http://secunia.com/advisories/29303Broken Link
http://secunia.com/advisories/29889Broken Link
http://secunia.com/advisories/31255Broken Link
http://secunia.com/advisories/31492Broken Link
http://secunia.com/advisories/33937Broken Link
http://secunia.com/advisories/37471Broken Link
http://secunia.com/advisories/38675Broken Link
http://support.apple.com/kb/HT3438Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254Third Party Advisory
http://www.debian.org/security/2008/dsa-1551Third Party Advisory
http://www.debian.org/security/2008/dsa-1620Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013Broken Link
http://www.redhat.com/support/errata/RHSA-2007-1076.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/487990/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/488457/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/507985/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25696Exploit, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-585-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2007/3201Broken Link
http://www.vupen.com/english/advisories/2007/4238Broken Link
http://www.vupen.com/english/advisories/2008/0637Broken Link
http://www.vupen.com/english/advisories/2009/3316Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653VDB Entry
https://issues.rpath.com/browse/RPL-1885Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.htmlThird Party Advisory
http://bugs.gentoo.org/show_bug.cgi?id=192876Third Party Advisory
http://docs.info.apple.com/article.html?artnum=307179Third Party Advisory
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlMailing List
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.htmlMailing List
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.htmlExploit
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.htmlThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2008/000005.htmlThird Party Advisory
http://secunia.com/advisories/26837Broken Link
http://secunia.com/advisories/27460Broken Link
http://secunia.com/advisories/27562Broken Link
http://secunia.com/advisories/27872Broken Link
http://secunia.com/advisories/28136Broken Link
http://secunia.com/advisories/28480Broken Link
http://secunia.com/advisories/28838Broken Link
http://secunia.com/advisories/29032Broken Link
http://secunia.com/advisories/29303Broken Link
http://secunia.com/advisories/29889Broken Link
http://secunia.com/advisories/31255Broken Link
http://secunia.com/advisories/31492Broken Link
http://secunia.com/advisories/33937Broken Link
http://secunia.com/advisories/37471Broken Link
http://secunia.com/advisories/38675Broken Link
http://support.apple.com/kb/HT3438Third Party Advisory
http://support.avaya.com/css/P8/documents/100074697Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254Third Party Advisory
http://www.debian.org/security/2008/dsa-1551Third Party Advisory
http://www.debian.org/security/2008/dsa-1620Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xmlThird Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013Broken Link
http://www.redhat.com/support/errata/RHSA-2007-1076.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2008-0629.htmlThird Party Advisory
http://www.securityfocus.com/archive/1/487990/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/488457/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/507985/100/0/threadedThird Party Advisory, VDB Entry
http://www.securityfocus.com/bid/25696Exploit, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-585-1Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA07-352A.htmlThird Party Advisory, US Government Resource
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2007/3201Broken Link
http://www.vupen.com/english/advisories/2007/4238Broken Link
http://www.vupen.com/english/advisories/2008/0637Broken Link
http://www.vupen.com/english/advisories/2009/3316Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653VDB Entry
https://issues.rpath.com/browse/RPL-1885Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496Broken Link
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.htmlThird Party Advisory

Timeline

Published: Sep 18, 2007
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2007-4965?

How severe is CVE-2007-4965?

Severity scoring for CVE-2007-4965 is pending analysis. The EPSS model estimates a 12.49% probability of exploitation in the next 30 days.

How do I fix CVE-2007-4965?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2007-4965?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST