CVE-2007-4965

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4965. PoCs published by Slythers Bro.

AI-analyzed exploit summary This exploit targets an integer overflow vulnerability in Python's imageop module (CVE-2007-4965). It attempts to trigger the overflow by passing malformed arguments to the tovideo function, potentially leading to arbitrary code execution.

Description

Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Slythers Bro · pythondosmultiple

https://www.exploit-db.com/exploits/30592

View Code ZIP pw:eip

This exploit targets an integer overflow vulnerability in Python's imageop module (CVE-2007-4965). It attempts to trigger the overflow by passing malformed arguments to the tovideo function, potentially leading to arbitrary code execution.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Python imageop module (versions prior to fix)

No auth needed

Prerequisites: Python environment with vulnerable imageop module · Ability to pass crafted input to imageop functions

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (49)

Core 49

Core References

Third Party Advisory mailing-list x_refsource_mlist

http://lists.vmware.com/pipermail/security-announce/2008/000005.html

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25696

Third Party Advisory x_refsource_confirm

http://wiki.rpath.com/wiki/Advisories:rPSA-2007-0254

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4238

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38675

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert

http://www.us-cert.gov/cas/techalerts/TA07-352A.html

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8496

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33937

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28136

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37471

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27460

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28480

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26837

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3201

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1551

Third Party Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29303

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8486

Third Party Advisory x_refsource_confirm

http://support.apple.com/kb/HT3438

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27872

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29032

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31492

Third Party Advisory vendor-advisory x_refsource_fedora

https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00378.html

Broken Link vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10804

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2008-0629.html

Exploit mailing-list x_refsource_fulldisc

http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065826.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/488457/100/0/threaded

Mailing List vendor-advisory x_refsource_apple

http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html

Third Party Advisory vendor-advisory x_refsource_redhat

http://www.redhat.com/support/errata/RHSA-2007-1076.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0637

VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36653

Third Party Advisory x_refsource_confirm

http://bugs.gentoo.org/show_bug.cgi?id=192876

Third Party Advisory x_refsource_confirm

http://docs.info.apple.com/article.html?artnum=307179

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/27562

Third Party Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-585-1

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200711-07.xml

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:012

Third Party Advisory x_refsource_confirm

http://support.avaya.com/css/P8/documents/100074697

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31255

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/487990/100/0/threaded

Broken Link vendor-advisory x_refsource_mandriva

http://www.mandriva.com/security/advisories?name=MDVSA-2008:013

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1620

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28838

Third Party Advisory vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

Third Party Advisory x_refsource_confirm

https://issues.rpath.com/browse/RPL-1885

Broken Link vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3316

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29889

Python < 2.5.1 - Denial of Service and Information Disclosure via Integer Overflow in imageop Module

Exploitation Summary

Description

Exploits (1)

References (49)

Scores

Details