FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2007-5137

This CVE name corresponds to:

Entered: 2007-10-05
Topic:   tcl/tk -- buffer overflow in ReadImage function

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type:  Candidate
Name:  CVE-2007-5137
Phase: Assigned (20070928)

Description

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

References

Source   Reference
MISC http://bugs.gentoo.org/show_bug.cgi?id=192539
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=541207
DEBIAN DSA-1743
FEDORA FEDORA-2007-2564
GENTOO GLSA-200710-07
MANDRIVA MDKSA-2007:200
REDHAT RHSA-2008:0136
SUSE SUSE-SR:2007:020
UBUNTU USN-529-1
VIM 20071012 clarification on multiple Tk overflow issues
BID 25826
OVAL oval:org.mitre.oval:def:9540
SECUNIA 26942
SECUNIA 27086
SECUNIA 27207
SECUNIA 27182
SECUNIA 27295
SECUNIA 27229
SECUNIA 29069
SECUNIA 34297