CVE-2007-5137
Published: 28 September 2007
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Notes
Author | Note |
---|---|
jdstrand |
CVE only affects feisty and gutsy tk8.4. These releases have a fix for tcl/tk bug #1458234, which either introduced or unmasked the issue in this CVE (investigate). Bug #1458234 is a memory corruption crasher as well, and though it doesn't have a CVE, it should be fixed. tk8.3 is affected by #1458234 in all releases, so when fixing it, be sure to fix the CVE as well. tk8.4 in dapper and edgy need both fixes too. |
Priority
Status
Package | Release | Status |
---|---|---|
libtk-img
Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Released
(1:1.3-release-7+lenny1build0.8.10.1)
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(1:1.3-release-8)
|
|
tk8.3
Launchpad, Ubuntu, Debian |
dapper |
Released
(8.3.5-4ubuntu1.1)
|
edgy |
Released
(8.3.5-6ubuntu1.1)
|
|
feisty |
Released
(8.3.5-6ubuntu2.1)
|
|
hardy |
Not vulnerable
(8.3.5-12ubuntu1)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
upstream |
Released
(8.3.5-9)
|
|
tk8.4
Launchpad, Ubuntu, Debian |
dapper |
Released
(8.4.12-0ubuntu1.1)
|
edgy |
Released
(8.4.12-1ubuntu0.1)
|
|
feisty |
Released
(8.4.14-0ubuntu2.1)
|
|
hardy |
Not vulnerable
(8.4.16-2ubuntu1)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
upstream |
Released
(8.4.16)
|