CVE-2007-5378: Buffer Overflow
First published: Fri Oct 12 2007(Updated: )
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Tcl/Tk Toolkit | <=8.3.5 | |
| Tcl/Tk Toolkit | <=8.4.12 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997
- http://www.debian.org/security/2007/dsa-1415
- http://www.debian.org/security/2007/dsa-1416
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
- http://www.ubuntu.com/usn/usn-529-1
- http://www.attrition.org/pipermail/vim/2007-October/001826.html
- http://www.securityfocus.com/bid/26056
- http://secunia.com/advisories/27207
- http://secunia.com/advisories/27295
- http://secunia.com/advisories/27801
- http://secunia.com/advisories/27806
- http://www.redhat.com/support/errata/RHSA-2008-0135.html
- http://www.redhat.com/support/errata/RHSA-2008-0134.html
- http://secunia.com/advisories/29070
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
- http://secunia.com/advisories/30129
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://secunia.com/advisories/30535
- http://www.debian.org/security/2009/dsa-1743
- http://secunia.com/advisories/34297
- http://www.vupen.com/english/advisories/2008/1744
- http://www.vupen.com/english/advisories/2008/1456/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-5378?
CVE-2007-5378 is considered a high severity vulnerability due to the potential for denial of service attacks.
How does CVE-2007-5378 exploit the Tk Toolkit?
CVE-2007-5378 exploits a buffer overflow in the FileReadGIF function, allowing attackers to cause a segmentation fault.
Which versions of the Tk Toolkit are affected by CVE-2007-5378?
CVE-2007-5378 affects Tk Toolkit versions 8.4.12 and earlier, as well as 8.3.5 and earlier.
What type of attack can CVE-2007-5378 facilitate?
CVE-2007-5378 can facilitate a denial of service attack via specially crafted animated GIF files.
How can I mitigate the risks associated with CVE-2007-5378?
To mitigate the risks of CVE-2007-5378, it is recommended to upgrade to a version of the Tk Toolkit that is not affected by this vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/tcl tk
- canonical/tcl/tk toolkit
- version/tcl/tk toolkit/8.3.5
- version/tcl/tk toolkit/8.4.12