Lucene search
GoogleOSV:DSA-1743-1HistoryMar 17, 2009 - 12:00 a.m.
libtk-img - arbitrary code execution
2009-03-1700:00:00
Google
osv.dev
11
0.344 Low
EPSS
Percentile
97.1%
Two buffer overflows have been found in the GIF image parsing code of
Tk, a cross-platform graphical toolkit, which could lead to the execution
of arbitrary code. The Common Vulnerabilities and Exposures project
identifies the following problems:
- CVE-2007-5137
It was discovered that libtk-img is prone to a buffer overflow via
specially crafted multi-frame interlaced GIF files. - CVE-2007-5378
It was discovered that libtk-img is prone to a buffer overflow via
specially crafted GIF files with certain subimage sizes.
For the stable distribution (lenny), these problems have been fixed in
version 1.3-release-7+lenny1.
For the oldstable distribution (etch), these problems have been fixed in
version 1.3-15etch3.
For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 1.3-release-8.
We recommend that you upgrade your libtk-img packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libtk-img | eq | 1:1.3-release-7 |
References
Related
openvas
openvas
Debian: Security Advisory (DSA-1743-1)
2009-03-19 00:00:00
Ubuntu: Security Advisory (USN-529-1)
2009-03-23 00:00:00
Mandriva Update for tk MDKSA-2007:200 (tk)
2009-04-09 00:00:00
prion
prion
Buffer overflow
2007-09-28 21:17:00
Buffer overflow
2007-10-12 01:17:00
Design/Logic Flaw
2007-10-08 19:17:00
cvelist
cvelist
CVE-2007-5137
2007-09-28 21:00:00
CVE-2007-5378
2007-10-12 01:00:00
nvd
nvd
ubuntucve
ubuntucve
CVE-2007-5137
2007-09-28 00:00:00
CVE-2007-5378
2007-10-11 00:00:00
nessus
nessus
Debian DSA-1743-1 : libtk-img - buffer overflows
2009-03-17 00:00:00
Debian DSA-1416-1 : tk8.3 - buffer overflow
2007-11-29 00:00:00
Ubuntu 6.06 LTS / 6.10 / 7.04 : tk8.3, tk8.4 vulnerability (USN-529-1)
2007-11-10 00:00:00
debian
debian
[SECURITY] [DSA 1743-1] New libtk-img packages fix arbitrary code execution
2009-03-17 08:52:05
[SECURITY] [DSA 1415-1] New tk8.4 packages fix arbitrary code execution
2007-11-27 20:51:17
[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution
2007-11-27 20:56:39
cve
cve
debiancve
debiancve
CVE-2007-5378
2007-10-12 01:17:00
CVE-2007-5137
2007-09-28 21:17:00
ubuntu
ubuntu
Tk vulnerability
2007-10-11 00:00:00
oraclelinux
oraclelinux
Moderate: tk security update
2008-02-21 00:00:00
Moderate: tk security update
2008-02-22 00:00:00
Moderate: tcltk security update
2008-02-22 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: tk-8.4.13-6.fc7
2007-10-18 02:25:24
[SECURITY] Fedora 7 Update: tk-8.4.13-7.fc7
2008-02-07 20:55:44
securityvulns
securityvulns
TK graphics library buffer overflow
2007-10-15 00:00:00
[SECURITY] [DSA 1416-1] New tk8.3 packages fix arbitrary code execution
2007-11-29 00:00:00
[USN-529-1] Tk vulnerability
2007-10-15 00:00:00
freebsd
freebsd
tcl/tk -- buffer overflow in ReadImage function
2007-09-27 00:00:00
osv
osv
tk8.4 - buffer overflow
2007-11-27 00:00:00
redhat
redhat
(RHSA-2008:0136) Moderate: tk security update
2008-02-21 00:00:00
(RHSA-2008:0135) Moderate: tk security update
2008-02-21 00:00:00
(RHSA-2008:0134) Moderate: tcltk security update
2008-02-21 00:00:00
centos
centos
tk security update
2008-02-22 15:57:50
tk security update
2008-02-23 11:54:01
expect, itcl, tcl, tcllib, tclx, tix, tk security update
2008-02-23 01:59:42
