Lucene search

[email protected]CVE-2007-5378

HistoryOct 12, 2007 - 1:17 a.m.

CVE-2007-5378

2007-10-1201:17:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-5378

buffer overflow

filereadgif

tk toolkit

denial of service

nvd

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.

CPENameOperatorVersion
tcl_tk:tk_toolkittcl tk tk toolkitle8.3.5
tcl_tk:tk_toolkittcl tk tk toolkitle8.4.12

CPE	Name	Operator	Version
tcl_tk:tk_toolkit	tcl tk tk toolkit	le	8.3.5
tcl_tk:tk_toolkit	tcl tk tk toolkit	le	8.4.12

References

secunia.com/advisories/27207

secunia.com/advisories/27295

secunia.com/advisories/27801

secunia.com/advisories/27806

secunia.com/advisories/29070

secunia.com/advisories/30129

secunia.com/advisories/30535

secunia.com/advisories/34297

sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1

www.attrition.org/pipermail/vim/2007-October/001826.html

www.debian.org/security/2007/dsa-1415

www.debian.org/security/2007/dsa-1416

www.debian.org/security/2009/dsa-1743

www.mandriva.com/security/advisories?name=MDKSA-2007:200

www.redhat.com/support/errata/RHSA-2008-0134.html

www.redhat.com/support/errata/RHSA-2008-0135.html

www.securityfocus.com/archive/1/493080/100/0/threaded

www.securityfocus.com/bid/26056

www.ubuntu.com/usn/usn-529-1

www.vmware.com/security/advisories/VMSA-2008-0009.html

www.vupen.com/english/advisories/2008/1456/references

www.vupen.com/english/advisories/2008/1744

exchange.xforce.ibmcloud.com/vulnerabilities/37189

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480

sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997

6.4 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2007-5378

prion3 ubuntucve2 openvas49 debiancve2 debian3 nessus24 osv2 cve2 ubuntu1 oraclelinux3 securityvulns5 centos4 redhat3 freebsd1 fedora2 vmware2