4.3

CVE-2007-5378

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tcl TkTk Toolkit Version <= 8.3.5
Tcl TkTk Toolkit Version <= 8.4.12
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.64% 0.836
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/30535
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/1744
http://secunia.com/advisories/27207
http://secunia.com/advisories/27295
http://secunia.com/advisories/34297
http://www.attrition.org/pipermail/vim/2007-October/001826.html
http://www.debian.org/security/2009/dsa-1743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
http://www.ubuntu.com/usn/usn-529-1
http://secunia.com/advisories/27801
http://secunia.com/advisories/27806
http://secunia.com/advisories/29070
http://secunia.com/advisories/30129
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
http://www.debian.org/security/2007/dsa-1415
http://www.debian.org/security/2007/dsa-1416
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://www.redhat.com/support/errata/RHSA-2008-0135.html
http://www.securityfocus.com/bid/26056
http://www.vupen.com/english/advisories/2008/1456/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480
https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997