CVE-2007-5137: Improper Restriction of Operations within the Bounds of a Memory Buffer in Libtk-img

Severity
Score: 6.8 MEDIUM (NVD)
NVD: 4.3
EPSS
Score: 7.7% (top 8.06%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 28
Latest update: May 1

Description

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (3 packages)

Debian: debian/libtk-img, < libtk-img 1.3-release-8 (bookworm)
NVD: tcl_tk/tk_toolkit, 8.3.5 (+1 more)
NVD: tcl_tk/tcl_tk, 8.4.13, 8.4.14, 8.4.15 (+2 more)

Patches

Vulnerability Details (4)

GHSA: GHSA-5mgp-v92x-h349: Buffer overflow in the FileReadGIF function in tkImgGIF (2022-05-01)
GHSA: GHSA-67cg-f67f-c8v9: Buffer overflow in the ReadImage function in generic/tkImgGIF (2022-05-01)
OSV: CVE-2007-5378: Buffer overflow in the FileReadGIF function in tkImgGIF (2007-10-12)
OSV: CVE-2007-5137: Buffer overflow in the ReadImage function in generic/tkImgGIF (2007-09-28)

Vendor Advisories (5)

Ubuntu: Tk vulnerability (2007-10-11)
Red Hat: Tk GIF processing buffer overflow (2007-09-07)
Debian: CVE-2007-5137: libtk-img - Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) ... (2007)
Debian: CVE-2007-5378: libtk-img - Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 ... (2007)
Red Hat: Tk GIF processing buffer overflow (2006-03-25)

Community (4)

Bugzilla: CVE-2007-5137 Tk GIF processing buffer overflow [FC6] (2007-10-15)
Bugzilla: CVE-2007-5378 Tk GIF processing buffer overflow (2007-10-15)
Bugzilla: CVE-2007-5137 Tk GIF processing buffer overflow [F7] (2007-10-15)
Bugzilla: CVE-2007-5137 Tk GIF processing buffer overflow (2007-09-14)
CVE-2007-5137 — Debian Libtk-img vulnerability | cvebase