CVE-2008-0553

Published: 7 February 2008

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

Priority

Status

Package	Release	Status
tk8.0 Launchpad, Ubuntu, Debian	dapper	Released (8.0.5-11ubuntu0.1)
	edgy	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Does not exist
	intrepid	Does not exist
	upstream	Needs triage
tk8.3 Launchpad, Ubuntu, Debian	dapper	Released (8.3.5-4ubuntu1.2)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Released (8.3.5-6ubuntu3.1)
	hardy	Released (8.3.5-12)
	intrepid	Released (8.3.5-12)
	upstream	Needs triage
	Patches: vendor: https://rhn.redhat.com/errata/RHSA-2008-0134.html vendor: http://www.debian.org/security/2008/dsa-1490
tk8.4 Launchpad, Ubuntu, Debian	dapper	Released (8.4.12-0ubuntu1.2)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Released (8.4.15-1ubuntu1.1)
	hardy	Released (8.4.16-2ubuntu1.1)
	intrepid	Not vulnerable (8.4.19-1)
	upstream	Needs triage
	Patches: vendor: https://rhn.redhat.com/errata/RHSA-2008-0135.html vendor: http://www.debian.org/security/2008/dsa-1491 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056 upstream: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
tk8.5 Launchpad, Ubuntu, Debian	dapper	Does not exist
	edgy	Does not exist
	feisty	Does not exist
	gutsy	Does not exist
	hardy	Released (8.5.0-3)
	intrepid	Released (8.5.0-3)
	upstream	Not vulnerable (8.5.1)

References

Bugs

https://bugs.launchpad.net/bugs/191204

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›