Lucene search

GoogleOSV:DSA-1415-1

HistoryNov 27, 2007 - 12:00 a.m.

tk8.4 - buffer overflow

2007-11-2700:00:00

Google

osv.dev

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

It was discovered that Tk, a cross-platform graphical toolkit for Tcl,
performs insufficient input validation in the code used to load GIF
images, which may lead to the execution of arbitrary code.

For the old stable distribution (sarge), this problem has been fixed
in version 8.4.9-1sarge1.

For the stable distribution (etch), this problem has been fixed in
version 8.4.12-1etch1.

We recommend that you upgrade your tk8.4 packages. Updated packages for
sparc will be provided later.

CPENameOperatorVersion
tk8.4eq8.4.9-1

CPE	Name	Operator	Version
	tk8.4	eq	8.4.9-1

References

www.debian.org/security/2007/dsa-1415

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Related for OSV:DSA-1415-1