Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2007-5378
Last Modified 07 Mar 2011 10:00:35
Published 11 Oct 2007 09:17:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5378

Summary

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.

Vulnerable Systems

Application

  • Tcl Tk Tk Toolkit 8.3.5

  • Tcl Tk Tk Toolkit 8.4.12


References

CONFIRM - https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997

VUPEN - ADV-2008-1744

VUPEN - ADV-2008-1456

DEBIAN - DSA-1743

SECUNIA - 34297

XF - tktoolkit-filereadgif-dos(37189)

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2008-0009.html

UBUNTU - USN-529-1

BID - 26056

BUGTRAQ - 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues

REDHAT - RHSA-2008:0135

REDHAT - RHSA-2008:0134

MANDRIVA - MDKSA-2007:200

DEBIAN - DSA-1416

DEBIAN - DSA-1415

VIM - 20071012 clarification on multiple Tk overflow issues

SUNALERT - 237465

SECUNIA - 30535

SECUNIA - 30129

SECUNIA - 29070

SECUNIA - 27806

SECUNIA - 27801

SECUNIA - 27295

SECUNIA - 27207

Related Patches

VMware VMSA 2008-0009.2 VMware Fusion 2.0.1 Update for Mac (Rev 2)


Last Updated: 27 May 2016 10:46:10