CVE - CVE-2007-5378

CVE-ID
CVE-2007-5378	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:26056 URL:http://www.securityfocus.com/bid/26056 BUGTRAQ:20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues URL:http://www.securityfocus.com/archive/1/493080/100/0/threaded CONFIRM:http://www.vmware.com/security/advisories/VMSA-2008-0009.html CONFIRM:https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997 DEBIAN:DSA-1415 URL:http://www.debian.org/security/2007/dsa-1415 DEBIAN:DSA-1416 URL:http://www.debian.org/security/2007/dsa-1416 DEBIAN:DSA-1743 URL:http://www.debian.org/security/2009/dsa-1743 MANDRIVA:MDKSA-2007:200 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 OVAL:oval:org.mitre.oval:def:9480 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480 REDHAT:RHSA-2008:0134 URL:http://www.redhat.com/support/errata/RHSA-2008-0134.html REDHAT:RHSA-2008:0135 URL:http://www.redhat.com/support/errata/RHSA-2008-0135.html SECUNIA:27207 URL:http://secunia.com/advisories/27207 SECUNIA:27295 URL:http://secunia.com/advisories/27295 SECUNIA:27801 URL:http://secunia.com/advisories/27801 SECUNIA:27806 URL:http://secunia.com/advisories/27806 SECUNIA:29070 URL:http://secunia.com/advisories/29070 SECUNIA:30129 URL:http://secunia.com/advisories/30129 SECUNIA:30535 URL:http://secunia.com/advisories/30535 SECUNIA:34297 URL:http://secunia.com/advisories/34297 SUNALERT:237465 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 UBUNTU:USN-529-1 URL:http://www.ubuntu.com/usn/usn-529-1 VIM:20071012 clarification on multiple Tk overflow issues URL:http://www.attrition.org/pipermail/vim/2007-October/001826.html VUPEN:ADV-2008-1456 URL:http://www.vupen.com/english/advisories/2008/1456/references VUPEN:ADV-2008-1744 URL:http://www.vupen.com/english/advisories/2008/1744 XF:tktoolkit-filereadgif-dos(37189) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
Assigning CNA
Canonical Ltd.
Date Record Created
20071011	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20071011)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)