Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-5137
Last Modified: 21 Aug 2010 01:11:32
Published: 28 Sep 2007 05:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-5137

Summary

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

Vulnerable Systems

Application

  • Tcl Tk 8.4.13

  • Tcl Tk 8.4.14

  • Tcl Tk 8.4.15


References

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=541207

SECUNIA - 26942

FEDORA - FEDORA-2007-2564

UBUNTU - USN-529-1

BID - 25826

REDHAT - RHSA-2008:0136

SUSE - SUSE-SR:2007:020

MANDRIVA - MDKSA-2007:200

DEBIAN - DSA-1743

VIM - 20071012 clarification on multiple Tk overflow issues

GENTOO - GLSA-200710-07

SECUNIA - 34297

SECUNIA - 29069

SECUNIA - 27295

SECUNIA - 27229

SECUNIA - 27207

SECUNIA - 27182

SECUNIA - 27086

MISC - http://bugs.gentoo.org/show_bug.cgi?id=192539


Last Updated: 27 May 2016 10:46:05