漏洞信息(CVE-2007-4965)

一、漏洞 CVE-2007-4965 基础信息

漏洞标题

N/A

来源：AIGC 神龙大模型

漏洞描述信息

"在Python 2.5.1及其更早版本中的imageop模块中的多次整数溢出允许依赖上下文的 attackers 通过创建特定的参数(1) 向视频转换方法发送，并可能获取敏感信息(内存内容)，从而触发堆缓冲溢出。"

来源：AIGC 神龙大模型

CVSS信息

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

来源：AIGC 神龙大模型

漏洞类别

N/A

来源：AIGC 神龙大模型

漏洞标题

N/A

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

N/A

来源：美国国家漏洞数据库 NVD

漏洞标题

Python 输入验证错误漏洞

来源：中国国家信息安全漏洞库 CNNVD

漏洞描述信息

Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python存在输入验证错误漏洞，本地攻击者可能利用此漏洞提升自己的权限。

来源：中国国家信息安全漏洞库 CNNVD

CVSS信息

N/A

来源：中国国家信息安全漏洞库 CNNVD

漏洞类别

输入验证错误

来源：中国国家信息安全漏洞库 CNNVD

二、漏洞 CVE-2007-4965 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2007-4965 的情报信息

http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254 x_refsource_CONFIRM
https://issues.rpath.com/browse/RPL-1885 x_refsource_CONFIRM
http://support.avaya.com/css/P8/documents/100074697 x_refsource_CONFIRM
http://docs.info.apple.com/article.html?artnum=307179 x_refsource_CONFIRM
http://bugs.gentoo.org/show_bug.cgi?id=192876 x_refsource_CONFIRM
http://support.apple.com/kb/HT3438 x_refsource_CONFIRM
http://www.vmware.com/security/advisories/VMSA-2009-0016.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/25696 vdb-entry x_refsource_BID
http://secunia.com/advisories/29889 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28838 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31255 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27562 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/31492 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29032 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27872 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/29303 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/37471 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28136 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/38675 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/26837 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/28480 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/27460 third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/33937 third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2008/dsa-1551 vendor-advisory x_refsource_DEBIAN
http://www.debian.org/security/2008/dsa-1620 vendor-advisory x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-585-1 vendor-advisory x_refsource_UBUNTU
http://www.us-cert.gov/cas/techalerts/TA07-352A.html third-party-advisory x_refsource_CERT
http://www.vupen.com/english/advisories/2009/3316 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/4238 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2008/0637 vdb-entry x_refsource_VUPEN
http://www.vupen.com/english/advisories/2007/3201 vdb-entry x_refsource_VUPEN
http://www.mandriva.com/security/advisories?name=MDVSA-2008:012 vendor-advisory x_refsource_MANDRIVA
http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml vendor-advisory x_refsource_GENTOO
http://www.mandriva.com/security/advisories?name=MDVSA-2008:013 vendor-advisory x_refsource_MANDRIVA
http://www.redhat.com/support/errata/RHSA-2007-1076.html vendor-advisory x_refsource_REDHAT
http://www.redhat.com/support/errata/RHSA-2008-0629.html vendor-advisory x_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html vendor-advisory x_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html vendor-advisory x_refsource_FEDORA
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html vendor-advisory x_refsource_APPLE
http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html vendor-advisory x_refsource_APPLE
https://exchange.xforce.ibmcloud.com/vulnerabilities/36653 vdb-entry x_refsource_XF
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486 vdb-entry signature x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496 vdb-entry signature x_refsource_OVAL
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804 vdb-entry signature x_refsource_OVAL
http://www.securityfocus.com/archive/1/487990/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html mailing-list x_refsource_FULLDISC
http://www.securityfocus.com/archive/1/488457/100/0/threaded mailing-list x_refsource_BUGTRAQ
http://lists.vmware.com/pipermail/security-announce/2008/000005.html mailing-list x_refsource_MLIST
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing-list x_refsource_BUGTRAQ
https://nvd.nist.gov/vuln/detail/CVE-2007-4965

一、 漏洞 CVE-2007-4965 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2007-4965 的公开POC

三、漏洞 CVE-2007-4965 的情报信息

一、漏洞 CVE-2007-4965 基础信息