CVE-2007-5378

2007-10-1201:17:00

Debian Security Bug Tracker

security-tracker.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.348 Low

EPSS

Percentile

97.1%

JSON

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.

OSVersionArchitecturePackageVersionFilename
Debian12alllibtk-img< 1.3-release-8libtk-img_1.3-release-8_all.deb
Debian11alllibtk-img< 1.3-release-8libtk-img_1.3-release-8_all.deb
Debian10alllibtk-img< 1.3-release-8libtk-img_1.3-release-8_all.deb
Debian999alllibtk-img< 1.3-release-8libtk-img_1.3-release-8_all.deb
Debian13alllibtk-img< 1.3-release-8libtk-img_1.3-release-8_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libtk-img	< 1.3-release-8	libtk-img_1.3-release-8_all.deb
Debian	11	all	libtk-img	< 1.3-release-8	libtk-img_1.3-release-8_all.deb
Debian	10	all	libtk-img	< 1.3-release-8	libtk-img_1.3-release-8_all.deb
Debian	999	all	libtk-img	< 1.3-release-8	libtk-img_1.3-release-8_all.deb
Debian	13	all	libtk-img	< 1.3-release-8	libtk-img_1.3-release-8_all.deb