CVE-2008-0553

Published: 7 February 2008

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

Priority

Medium

Status

Package Release Status
tk8.0
dapper Released (8.0.5-11ubuntu0.1)
edgy Does not exist
feisty Does not exist
gutsy Does not exist
hardy Does not exist
intrepid Does not exist
upstream Needs triage

tk8.3
dapper Released (8.3.5-4ubuntu1.2)
edgy Needed (reached end-of-life)
feisty Needed (reached end-of-life)
gutsy Released (8.3.5-6ubuntu3.1)
hardy Released (8.3.5-12)
intrepid Released (8.3.5-12)
upstream Needs triage

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2008-0134.html
vendor: http://www.debian.org/security/2008/dsa-1490

tk8.4
dapper Released (8.4.12-0ubuntu1.2)
edgy Needed (reached end-of-life)
feisty Needed (reached end-of-life)
gutsy Released (8.4.15-1ubuntu1.1)
hardy Released (8.4.16-2ubuntu1.1)
intrepid Not vulnerable (8.4.19-1)
upstream Needs triage

Patches:
vendor: https://rhn.redhat.com/errata/RHSA-2008-0135.html
vendor: http://www.debian.org/security/2008/dsa-1491
vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056
upstream: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41

tk8.5
dapper Does not exist
edgy Does not exist
feisty Does not exist
gutsy Does not exist
hardy Released (8.5.0-3)
intrepid Released (8.5.0-3)
upstream Not vulnerable (8.5.1)