Metric | Value |
---|---|
CVSS2 Base Score | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
CVSS2 Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
EPSS Score | 0.348 Low |
EPSS Percentile | 97.1% |
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Author | Note |
---|---|
jdstrand | CVE only affects feisty and gutsy tk8.4. These releases have a fix for tcl/tk bug #1458234, which either introduced or unmasked the issue in this CVE (investigate). Bug #1458234 is a memory corruption crasher as well, and though it doesn't have a CVE, it should be fixed. tk8.3 is affected by #1458234 in all releases, so when fixing it, be sure to fix the CVE as well. tk8.4 in dapper and edgy needs both fixes too. |
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.10 | noarch | libtk-img | < 1:1.3-release-7+lenny1build0.8.10.1 | UNKNOWN |
ubuntu | 6.06 | noarch | tk8.3 | < 8.3.5-4ubuntu1.1 | UNKNOWN |
ubuntu | 6.10 | noarch | tk8.3 | < 8.3.5-6ubuntu1.1 | UNKNOWN |
ubuntu | 7.04 | noarch | tk8.3 | < 8.3.5-6ubuntu2.1 | UNKNOWN |
ubuntu | 6.06 | noarch | tk8.4 | < 8.4.12-0ubuntu1.1 | UNKNOWN |
ubuntu | 6.10 | noarch | tk8.4 | < 8.4.12-1ubuntu0.1 | UNKNOWN |
ubuntu | 7.04 | noarch | tk8.4 | < 8.4.14-0ubuntu2.1 | UNKNOWN |