{"id":"PSF-2007-1","summary":"rgbimg and imageop overflows","details":"Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.","aliases":["CVE-2007-4965"],"modified":"2025-10-09T00:54:50.793038Z","published":"2007-09-18T22:00:00Z","database_specific":{"cwe_ids":[]},"references":[{"type":"REPORT","url":"https://bugs.python.org/issue1179"},{"type":"WEB","url":"http://bugs.python.org/issue8678"},{"type":"WEB","url":"http://seclists.org/fulldisclosure/2007/Sep/279"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=541698"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/python/cpython","events":[{"introduced":"0"},{"fixed":"4df1b6d478020ac51c84467f47e42083f53adbad"}]}],"versions":["v0.9.8","v0.9.9","v1.0.1","v1.0.2","v1.1","v1.1.1","v1.2","v1.2b1","v1.2b2","v1.2b3","v1.2b4","v1.3","v1.3b1","v1.4","v1.4b1","v1.4b2","v1.4b3","v1.5","v1.5.1","v1.5.2","v1.5.2a1","v1.5.2a2","v1.5.2b1","v1.5.2b2","v1.5.2c1","v1.5a1","v1.5a2","v1.5a3","v1.5a4","v1.5b1","v1.5b2","v1.6a1","v1.6a2","v2.0","v2.0b1","v2.0b2","v2.0c1","v2.1","v2.1a1","v2.1a2","v2.1b1","v2.1b2","v2.1c1","v2.1c2","v2.2a3","v2.3c1","v2.3c2","v2.4","v2.4a1","v2.4a2","v2.4a3","v2.4b1","v2.4b2","v2.4c1","v2.5","v2.5.1","v2.5.1c1","v2.5.2","v2.5.2c1","v2.5a0","v2.5a1","v2.5a2","v2.5b1","v2.5b2","v2.5b3","v2.5c1","v2.5c2"],"database_specific":{"source":"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2007-1.json","vanir_signatures":[{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-01be18c1","target":{"file":"Modules/imageop.c","function":"imageop_grey2mono"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"118684595840100483092266383332316870031","length":713},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-0e405eb1","target":{"file":"Modules/imageop.c","function":"imageop_crop"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"137264131579234281462761299655318301342","length":1270},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-1665ca1c","target":{"file":"Modules/imageop.c","function":"imageop_rgb82rgb"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"72988034189971477244293014598047636097","length":1015},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-1f9cdda4","target":{"file":"Modules/imageop.c","function":"imageop_grey2grey4"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"283090301284465242142172703627620282463","length":695},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-37ba11dc","target":{"file":"Modules/imageop.c","function":"imageop_grey2grey2"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"321881928699637766293796262543882873856","length":695},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-3c29d0c2","target":{"file":"Modules/imageop.c","function":"imageop_grey2rgb"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"1032368095084667015342630197594216202","length":770},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-52bb634e","target":{"file":"Modules/imageop.c","function":"imageop_scale"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"233964435553512609030601183696056184028","length":1018},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-600a5f8e","target":{"file":"Modules/imageop.c","function":"imageop_grey22grey"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"93742948963751398006360638754562256623","length":692},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-a1902e49","target":{"file":"Modules/imageop.c","function":"imageop_dither2grey2"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"274445897420309856246071916572140226847","length":742},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-b5f562f9","target":{"file":"Modules/imageop.c","function":"imageop_mono2grey"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"75879504397280303084938088302881703933","length":671},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-c60b9d7d","target":{"file":"Modules/rgbimgmodule.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["175975179019764809820789403248453257565","164651503928962034072787587596135649026","237099743885138398216760853555898191732","268789248594375018603952951527227614200"]},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-cd010ccb","target":{"file":"Modules/imageop.c","function":"imageop_tovideo"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"257879593714078612427750398623556015659","length":1265},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-d06ce367","target":{"file":"Modules/imageop.c","function":"imageop_rgb2rgb8"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"145425023813875609533984392920067953913","length":1033},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-d316e577","target":{"file":"Modules/rgbimgmodule.c","function":"longimagedata"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"273640243738961405776119599141418876343","length":4247},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-db1c821f","target":{"file":"Modules/imageop.c","function":"imageop_grey42grey"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"329919295554049180350768426953780227322","length":662},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-dcc2dc5e","target":{"file":"Modules/imageop.c"},"signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["161118434078029193215346577754274539969","299412798935359001266368375573651927417","338386102112427670418693809875840369018","128191820500904856624287311013990981724","20037936317764495885168121223060333230","137437424712531907927907550258145547022","330850783060926445204572681746366378302","47646674039746803354106313574866353455","139341058416413589226200424878177216958","1931911632329936272537494590591409621","234657597896309818378012578929285875546","50213515919767064293048592396581548353","152398379472065321695940285329604899435","17536754144348972102758467228527604812","75861719899952892239703302687089189430","35067373838909747453963463233948811254","286249955112639834097011999235678661568","20037936317764495885168121223060333230","137437424712531907927907550258145547022","330850783060926445204572681746366378302","47646674039746803354106313574866353455","331916548695319314826436582416263618006","137561544104192789180013989460739536749","267965793405020537846298401919812580023","48153634099210351243420188047666702636","96427086323239354907136308657142756451","25069365629086326520998681774336851003","339739896275112855134180880037763780795","186867296836499269110124330155808020521","284255398305282030472916175717479934088","171158566287233088960985528155165051038","316343947477410490037451636862471480117","4776678635272005067065917369961462293","239152607800152719924609210351484607449","245166969515315296490663026628163955794","316343947477410490037451636862471480117","4776678635272005067065917369961462293","239152607800152719924609210351484607449","245166969515315296490663026628163955794","316343947477410490037451636862471480117","4776678635272005067065917369961462293","213965992275913700321825214039558944374","245166969515315296490663026628163955794","316343947477410490037451636862471480117","4776678635272005067065917369961462293","154935135827307402956792771567815167584","245166969515315296490663026628163955794","316343947477410490037451636862471480117","4776678635272005067065917369961462293","112572246377572756551503039457773697832","168394126484120179924498099755040455460","69857517439188540660728954839113247316","92743477712551555629574910782155943019","331965883220247459174021738789366715097","316008050980518957556700008248781135349","81962217514576040779800462748347490309","188968239655571795543146837501293108847","331965883220247459174021738789366715097","63153832588277039472050813148015202536","44547741189148012378491960550322187930","129528772799954335418420905582157264054","291193121692215990992123096363183565138","321431856767921287211001156943912528160","224096906597940383824964622028012298617","168275432873716601418516929685602199033","291193121692215990992123096363183565138","178786754214147008299831316170585832938","205827569179464042640383944867145432744","271402691933905717818085386001906399911","224170750766010664758473256716800992956","144763643768186582371128023643369523334","51507667376923848395513862126342053569","49388970016421381034343238563478115796","291193121692215990992123096363183565138","321431856767921287211001156943912528160","224096906597940383824964622028012298617","168275432873716601418516929685602199033","291193121692215990992123096363183565138","178786754214147008299831316170585832938","205827569179464042640383944867145432744","271402691933905717818085386001906399911","224170750766010664758473256716800992956","144763643768186582371128023643369523334","51507667376923848395513862126342053569","49388970016421381034343238563478115796"]},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-f106bbf2","target":{"file":"Modules/imageop.c","function":"imageop_dither2mono"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"135918706148906451296252699244310282340","length":735},"deprecated":false},{"source":"https://github.com/python/cpython/commit/4df1b6d478020ac51c84467f47e42083f53adbad","id":"PSF-2007-1-f5a818d8","target":{"file":"Modules/imageop.c","function":"imageop_rgb2grey"},"signature_version":"v1","signature_type":"Function","digest":{"function_hash":"23452741704984248302527613582869508919","length":1006},"deprecated":false}]}}],"schema_version":"1.7.3"}