{ "threat_severity" : "Moderate", "public_date" : "2007-09-16T00:00:00Z", "bugzilla" : { "description" : "python imageop module heap corruption", "id" : "295971", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=295971" }, "details" : [ "Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows." ], "statement" : "Red Hat is aware of this issue and is tracking it via the following bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=295971\nThe Red Hat Product Security has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here: https://access.redhat.com/security/updates/classification/", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 3", "release_date" : "2007-12-10T00:00:00Z", "advisory" : "RHSA-2007:1076", "cpe" : "cpe:/o:redhat:enterprise_linux:3", "package" : "python-0:2.2.3-6.8" }, { "product_name" : "Red Hat Enterprise Linux 4", "release_date" : "2007-12-10T00:00:00Z", "advisory" : "RHSA-2007:1076", "cpe" : "cpe:/o:redhat:enterprise_linux:4", "package" : "python-0:2.3.4-14.4.el4_6.1" }, { "product_name" : "Red Hat Enterprise Linux 5", "release_date" : "2009-07-27T00:00:00Z", "advisory" : "RHSA-2009:1176", "cpe" : "cpe:/o:redhat:enterprise_linux:5", "package" : "python-0:2.4.3-24.el5_3.6" }, { "product_name" : "Red Hat Network Satellite Server v 4.2", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el4", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 4.2", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el4", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el3", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date" : "2008-06-30T00:00:00Z", "advisory" : "RHSA-2008:0525", "cpe" : "cpe:/a:redhat:network_satellite:4.2::el3", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 5.0", "release_date" : "2008-05-20T00:00:00Z", "advisory" : "RHSA-2008:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4", "package" : "rhn-solaris-bootstrap-0:5.0.2-3" }, { "product_name" : "Red Hat Network Satellite Server v 5.0", "release_date" : "2008-05-20T00:00:00Z", "advisory" : "RHSA-2008:0264", "cpe" : "cpe:/a:redhat:network_satellite:5.0:el4", "package" : "rhn_solaris_bootstrap_5_0_2_3-0:1-0" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2008-08-13T00:00:00Z", "advisory" : "RHSA-2008:0629", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "rhn-solaris-bootstrap-0:5.1.1-3" }, { "product_name" : "Red Hat Network Satellite Server v 5.1", "release_date" : "2008-08-13T00:00:00Z", "advisory" : "RHSA-2008:0629", "cpe" : "cpe:/a:redhat:network_satellite:5.1::el4", "package" : "rhn_solaris_bootstrap_5_1_1_3-0:1-0" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-4965\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-4965" ], "name" : "CVE-2007-4965", "csaw" : false }