CVE - CVE-2007-5378

CVE-ID
CVE-2007-5378	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues URL:http://www.securityfocus.com/archive/1/493080/100/0/threaded CONFIRM:https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html DEBIAN:DSA-1415 URL:http://www.debian.org/security/2007/dsa-1415 DEBIAN:DSA-1416 URL:http://www.debian.org/security/2007/dsa-1416 DEBIAN:DSA-1743 URL:http://www.debian.org/security/2009/dsa-1743 MANDRIVA:MDKSA-2007:200 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 REDHAT:RHSA-2008:0135 URL:http://www.redhat.com/support/errata/RHSA-2008-0135.html REDHAT:RHSA-2008:0134 URL:http://www.redhat.com/support/errata/RHSA-2008-0134.html SUNALERT:237465 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 UBUNTU:USN-529-1 URL:http://www.ubuntu.com/usn/usn-529-1 VIM:20071012 clarification on multiple Tk overflow issues URL:http://www.attrition.org/pipermail/vim/2007-October/001826.html BID:26056 URL:http://www.securityfocus.com/bid/26056 OVAL:oval:org.mitre.oval:def:9480 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480 SECUNIA:34297 URL:http://secunia.com/advisories/34297 VUPEN:ADV-2008-1456 URL:http://www.vupen.com/english/advisories/2008/1456/references VUPEN:ADV-2008-1744 URL:http://www.vupen.com/english/advisories/2008/1744 SECUNIA:27207 URL:http://secunia.com/advisories/27207 SECUNIA:27295 URL:http://secunia.com/advisories/27295 SECUNIA:27801 URL:http://secunia.com/advisories/27801 SECUNIA:27806 URL:http://secunia.com/advisories/27806 SECUNIA:29070 URL:http://secunia.com/advisories/29070 SECUNIA:30129 URL:http://secunia.com/advisories/30129 SECUNIA:30535 URL:http://secunia.com/advisories/30535 XF:tktoolkit-filereadgif-dos(37189) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
Assigning CNA
N/A
Date Entry Created
20071011	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071011)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org