CVE-2008-0553
Published: 7 February 2008
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Priority
Status
Package | Release | Status |
---|---|---|
tk8.0 (Launchpad, Ubuntu, Debian) | dapper | Released (8.0.5-11ubuntu0.1) |
tk8.0 | edgy | Does not exist |
tk8.0 | feisty | Does not exist |
tk8.0 | gutsy | Does not exist |
tk8.0 | hardy | Does not exist |
tk8.0 | intrepid | Does not exist |
tk8.0 | upstream | Needs triage |
tk8.3 (Launchpad, Ubuntu, Debian) | dapper | Released (8.3.5-4ubuntu1.2) |
tk8.3 | edgy | Needed (reached end-of-life) |
tk8.3 | feisty | Needed (reached end-of-life) |
tk8.3 | gutsy | Released (8.3.5-6ubuntu3.1) |
tk8.3 | hardy | Released (8.3.5-12) |
tk8.3 | intrepid | Released (8.3.5-12) |
tk8.3 | upstream | Needs triage |
tk8.3 | Patches | vendor: https://rhn.redhat.com/errata/RHSA-2008-0134.html, vendor: http://www.debian.org/security/2008/dsa-1490 |
tk8.4 (Launchpad, Ubuntu, Debian) | dapper | Released (8.4.12-0ubuntu1.2) |
tk8.4 | edgy | Needed (reached end-of-life) |
tk8.4 | feisty | Needed (reached end-of-life) |
tk8.4 | gutsy | Released (8.4.15-1ubuntu1.1) |
tk8.4 | hardy | Released (8.4.16-2ubuntu1.1) |
tk8.4 | intrepid | Not vulnerable (8.4.19-1) |
tk8.4 | upstream | Needs triage |
tk8.4 | Patches | vendor: https://rhn.redhat.com/errata/RHSA-2008-0135.html, vendor: http://www.debian.org/security/2008/dsa-1491, vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056, upstream: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41 |
tk8.5 (Launchpad, Ubuntu, Debian) | dapper | Does not exist |
tk8.5 | edgy | Does not exist |
tk8.5 | feisty | Does not exist |
tk8.5 | gutsy | Does not exist |
tk8.5 | hardy | Released (8.5.0-3) |
tk8.5 | intrepid | Released (8.5.0-3) |
tk8.5 | upstream | Not vulnerable (8.5.1) |