libtk-img -- buffer overflows

2009-03-17T00:00:00
ID DSA-1743
Type debian
Reporter Debian
Modified 2009-03-17T00:00:00

Description

Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files.

It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes.

For the stable distribution (lenny), these problems have been fixed in version 1.3-release-7+lenny1.

For the oldstable distribution (etch), these problems have been fixed in version 1.3-15etch3.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.3-release-8.

We recommend that you upgrade your libtk-img packages.