CPANSA-Tcl-2007-5137-tcl: Tcl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2007-09-28T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2007-09-28T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Vulnerabilities
CVE-2007-5137
Vulnerability DescriptionBuffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
| Weakness | CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Tcl greater than or equal 0.89 and less than or equal 1.27 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-Tcl-2007-5137-tcl JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2007/cpansa-tcl-2007-5137-tcl.json - http://sourceforge.net/project/shownotes.php?release_id=541207 external
http://sourceforge.net/project/shownotes.php?release_id=541207 - http://secunia.com/advisories/26942 external
http://secunia.com/advisories/26942 - http://bugs.gentoo.org/show_bug.cgi?id=192539 external
http://bugs.gentoo.org/show_bug.cgi?id=192539 - https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html external
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html - http://security.gentoo.org/glsa/glsa-200710-07.xml external
http://security.gentoo.org/glsa/glsa-200710-07.xml - http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 external
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 - http://www.novell.com/linux/security/advisories/2007_20_sr.html external
http://www.novell.com/linux/security/advisories/2007_20_sr.html - http://www.ubuntu.com/usn/usn-529-1 external
http://www.ubuntu.com/usn/usn-529-1 - http://www.attrition.org/pipermail/vim/2007-October/001826.html external
http://www.attrition.org/pipermail/vim/2007-October/001826.html - http://www.securityfocus.com/bid/25826 external
http://www.securityfocus.com/bid/25826 - http://secunia.com/advisories/27086 external
http://secunia.com/advisories/27086 - http://secunia.com/advisories/27207 external
http://secunia.com/advisories/27207 - http://secunia.com/advisories/27182 external
http://secunia.com/advisories/27182 - http://secunia.com/advisories/27295 external
http://secunia.com/advisories/27295 - http://secunia.com/advisories/27229 external
http://secunia.com/advisories/27229 - http://www.redhat.com/support/errata/RHSA-2008-0136.html external
http://www.redhat.com/support/errata/RHSA-2008-0136.html - http://secunia.com/advisories/29069 external
http://secunia.com/advisories/29069 - http://www.debian.org/security/2009/dsa-1743 external
http://www.debian.org/security/2009/dsa-1743 - http://secunia.com/advisories/34297 external
http://secunia.com/advisories/34297 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540 - CVE-2007-5137 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-5137
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Sep 28 00:00:00 2007 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/