3 matches found
SUSE CVE-2007-5378
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service segmentation fault via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers...
TCL/TK Tk工具包ReadImage()函数GIF文件解析栈溢出漏洞
BUGTRAQ ID: 27655 CVECAN ID: CVE-2008-0553 Tcl是一种简明,高效,可移植的编程语言。 在Tcl的Tk工具包中,tkImgGIF.c文件的ReadImage函数没有正确地验证从GIF图形中所读取的initialCodeSize值。如果用户受骗打开了恶意的GIF图形文件的话,就可能触发栈溢出,导致执行任意指令。 John Ousterhout Tcl 8.5.1 厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-1491-1)以及相应补丁: DSA-1491-1:New tk8.4 packages fix...
Tk GIF processing buffer overflow
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl Tcl/Tk 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for...