CVE-2008-0553: Buffer Overflow
First published: Fri Feb 01 2008(Updated: )
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/tk | <0:8.4.7-3.el4_6.1 | 0:8.4.7-3.el4_6.1 |
| redhat/tk | <0:8.4.13-5.el5_1.1 | 0:8.4.13-5.el5_1.1 |
| redhat/1.3 | <0.8.20080505 | 0.8.20080505 |
| Tcl Tk | =6.2 | |
| Tcl Tk | =7.6 | |
| Tcl Tk | =8.4.8 | |
| Tcl Tk | =8.5a3 | |
| Tcl Tk | =8.4.2 | |
| Tcl Tk | =8.4.1 | |
| Tcl Tk | =8.0p2 | |
| Tcl Tk | =6.7 | |
| Tcl Tk | =8.4a2 | |
| Tcl Tk | =8.3.4 | |
| Tcl Tk | =6.1 | |
| Tcl Tk | <=8.4.17 | |
| Tcl Tk | =8.4.5 | |
| Tcl Tk | =7.4 | |
| Tcl Tk | =8.4.3 | |
| Tcl Tk | =8.4.0 | |
| Tcl Tk | =8.5.0 | |
| Tcl Tk | =8.0.4 | |
| Tcl Tk | =8.4b1 | |
| Tcl Tk | =8.4.11 | |
| Tcl Tk | =8.5a2 | |
| Tcl Tk | =8.5b2 | |
| Tcl Tk | =8.2.3 | |
| Tcl Tk | =6.1p1 | |
| Tcl Tk | =8.0 | |
| Tcl Tk | =6.5 | |
| Tcl Tk | =8.4.7 | |
| Tcl Tk | =7.0 | |
| Tcl Tk | =8.0.5 | |
| Tcl Tk | =7.5p1 | |
| Tcl Tk | =7.5 | |
| Tcl Tk | =6.6 | |
| Tcl Tk | =8.2.0 | |
| Tcl Tk | =8.4.10 | |
| Tcl Tk | =8.4a3 | |
| Tcl Tk | =7.6p2 | |
| Tcl Tk | =8.3.3 | |
| Tcl Tk | =8.5b1 | |
| Tcl Tk | =8.3.1 | |
| Tcl Tk | =8.5b3 | |
| Tcl Tk | =8.4.13 | |
| Tcl Tk | =8.5a6 | |
| Tcl Tk | =8.4.16 | |
| Tcl Tk | =8.4.12 | |
| Tcl Tk | =8.5a4 | |
| Tcl Tk | =8.3.2 | |
| Tcl Tk | =8.3.5 | |
| Tcl Tk | =8.5a5 | |
| Tcl Tk | =8.4.15 | |
| Tcl Tk | =8.0.3 | |
| Tcl Tk | =8.5_a3 | |
| Tcl Tk | =8.4b2 | |
| Tcl Tk | =3.3 | |
| Tcl Tk | =7.1 | |
| Tcl Tk | =4.0p1 | |
| Tcl Tk | =8.4a4 | |
| Tcl Tk | =7.3 | |
| Tcl Tk | =8.4.4 | |
| Tcl Tk | =8.4.6 | |
| Tcl Tk | =8.1.1 | |
| Tcl Tk | =8.2.2 | |
| Tcl Tk | =8.5a1 | |
| Tcl Tk | =8.4.14 | |
| Tcl Tk | =8.1 | |
| Tcl Tk | =2.1 | |
| Tcl Tk | =8.2.1 | |
| Tcl Tk | =6.4 | |
| Tcl Tk | =8.3.0 | |
| Tcl Tk | =8.4.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894
- http://www.securityfocus.com/bid/27655
- http://securitytracker.com/id?1019309
- http://secunia.com/advisories/28784
- https://bugzilla.redhat.com/show_bug.cgi?id=431518
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html
- https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:041
- http://secunia.com/advisories/28807
- http://secunia.com/advisories/28848
- http://www.debian.org/security/2008/dsa-1490
- http://www.debian.org/security/2008/dsa-1491
- http://secunia.com/advisories/28857
- http://secunia.com/advisories/28867
- http://wiki.rpath.com/Advisories:rPSA-2008-0054
- https://issues.rpath.com/browse/RPL-2215
- http://secunia.com/advisories/28954
- http://www.redhat.com/support/errata/RHSA-2008-0135.html
- http://www.redhat.com/support/errata/RHSA-2008-0134.html
- http://www.redhat.com/support/errata/RHSA-2008-0136.html
- http://secunia.com/advisories/29069
- http://secunia.com/advisories/29070
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
- http://secunia.com/advisories/29622
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
- http://secunia.com/advisories/30129
- http://www.vmware.com/security/advisories/VMSA-2008-0009.html
- http://secunia.com/advisories/30535
- http://secunia.com/advisories/30717
- http://secunia.com/advisories/30783
- http://www.novell.com/linux/security/advisories/2008_13_sr.html
- http://www.debian.org/security/2008/dsa-1598
- https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html
- http://secunia.com/advisories/30188
- http://www.vupen.com/english/advisories/2008/0430
- http://www.vupen.com/english/advisories/2008/1744
- http://www.vupen.com/english/advisories/2008/1456/references
- http://ubuntu.com/usn/usn-664-1
- http://secunia.com/advisories/32608
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098
- http://www.securityfocus.com/archive/1/493080/100/0/threaded
- http://www.securityfocus.com/archive/1/488069/100/0/threaded
- https://access.redhat.com/security/cve/CVE-2006-4484
- https://access.redhat.com/security/cve/CVE-2007-6697
- http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
- https://access.redhat.com/security/cve/CVE-2008-0554
- http://sourceforge.net/project/shownotes.php?release_id=573933
- http://rhn.redhat.com/errata/RHSA-2008-0134.html
- http://rhn.redhat.com/errata/RHSA-2008-0135.html
- http://rhn.redhat.com/errata/RHSA-2008-0136.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1131
- https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1384
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1122
- https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1323
- https://www.cve.org/CVERecord?id=CVE-2008-0553 https://nvd.nist.gov/vuln/detail/CVE-2008-0553
- https://access.redhat.com/errata/RHSA-2008:0134
- https://access.redhat.com/errata/RHSA-2008:0135
- https://access.redhat.com/errata/RHSA-2008:0136
- https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0553.json
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2008-0553?
CVE-2008-0553 has a medium severity rating due to its potential for remote code execution through crafted GIF images.
How do I fix CVE-2008-0553?
To fix CVE-2008-0553, update to a version of Tk (Tcl/Tk) that is 8.5.1 or later.
What are the affected versions listed in CVE-2008-0553?
CVE-2008-0553 affects Tcl/Tk versions before 8.5.1, including 8.4.17 and earlier.
Can CVE-2008-0553 exploit my system through remote attacks?
Yes, CVE-2008-0553 can be exploited by remote attackers using specially crafted GIF images.
What should I do if I can't immediately update for CVE-2008-0553?
If an immediate update isn't possible for CVE-2008-0553, consider implementing security measures such as network segmentation or monitoring to reduce exposure.
- agent/type
- agent/softwarecombine
- agent/remedy
- agent/first-publish-date
- collector/redhat-cve
- source/Red Hat
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/redhat-bugzilla
- alias/CVE-2008-0553
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- vendor/tcl tk
- canonical/tcl tk
- version/tcl tk/6.2
- version/tcl tk/7.6
- version/tcl tk/8.4.8
- version/tcl tk/8.5a3
- version/tcl tk/8.4.2
- version/tcl tk/8.4.1
- version/tcl tk/8.0p2
- version/tcl tk/6.7
- version/tcl tk/8.4a2
- version/tcl tk/8.3.4
- version/tcl tk/6.1
- version/tcl tk/8.4.17
- version/tcl tk/8.4.5
- version/tcl tk/7.4
- version/tcl tk/8.4.3
- version/tcl tk/8.4.0
- version/tcl tk/8.5.0
- version/tcl tk/8.0.4
- version/tcl tk/8.4b1
- version/tcl tk/8.4.11
- version/tcl tk/8.5a2
- version/tcl tk/8.5b2
- version/tcl tk/8.2.3
- version/tcl tk/6.1p1
- version/tcl tk/8.0
- version/tcl tk/6.5
- version/tcl tk/8.4.7
- version/tcl tk/7.0
- version/tcl tk/8.0.5
- version/tcl tk/7.5p1
- version/tcl tk/7.5
- version/tcl tk/6.6
- version/tcl tk/8.2.0
- version/tcl tk/8.4.10
- version/tcl tk/8.4a3
- version/tcl tk/7.6p2
- version/tcl tk/8.3.3
- version/tcl tk/8.5b1
- version/tcl tk/8.3.1
- version/tcl tk/8.5b3
- version/tcl tk/8.4.13
- version/tcl tk/8.5a6
- version/tcl tk/8.4.16
- version/tcl tk/8.4.12
- version/tcl tk/8.5a4
- version/tcl tk/8.3.2
- version/tcl tk/8.3.5
- version/tcl tk/8.5a5
- version/tcl tk/8.4.15
- version/tcl tk/8.0.3
- version/tcl tk/8.5_a3
- version/tcl tk/8.4b2
- version/tcl tk/3.3
- version/tcl tk/7.1
- version/tcl tk/4.0p1
- version/tcl tk/8.4a4
- version/tcl tk/7.3
- version/tcl tk/8.4.4
- version/tcl tk/8.4.6
- version/tcl tk/8.1.1
- version/tcl tk/8.2.2
- version/tcl tk/8.5a1
- version/tcl tk/8.4.14
- version/tcl tk/8.1
- version/tcl tk/2.1
- version/tcl tk/8.2.1
- version/tcl tk/6.4
- version/tcl tk/8.3.0
- version/tcl tk/8.4.9