Main Menu

Free Services

Critical Alerts

- 28 May 2008

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

 

- 11 Mar 2008

Microsoft Excel Multiple Remote Code Execution Vulnerabilities

 

- 16 Jan 2008

Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

- 13 Dec 2007

JustSystems Ichitaro "JSGCI.DLL" Document Processing Remote Buffer Overflow Vulnerability

 

- 11 Dec 2007

Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Advisories » Tk "ReadImage()" GIF Processing Remote Buffer Overflow Vulnerability

 

Release Date: 27/09/2007 Severity: Moderately Critical Moderately Critical
SecWatch Advisory: SWID1019098 Cause: Boundary error
Solution Status: Vendor Patch Impact: Denial of service
Execution of arbitrary code
Exploit Status: None Available Access Vector: From remote
 
Affected Software: Tcl/Tk 8.x
 

 

Description:

A vulnerability in Tk has been reported, which can potentially be exploited by remote users to compromise an application using the library.

A boundary error exists when handling multi-frame interlaced GIFs that contain subsequent frames that are smaller than the first one within the "ReadImage()" function of generic/tkImgGIF.c.  This can be exploited to cause a buffer overflow and potentially execute arbitrary code.

 

Affected:

Tk versions prior to 8.4.16.

 

Solution:

The vulnerability has been fixed in version 8.4.16, available:
http://www.tcl.tk/software/tcl...ftware/tcltk/downloadnow84.tml

 

Credits:

Reported by vendor.

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.

 

Related Vulnerabilities and Exploits

06 Feb 08: Tk GIF Processing Remote Buffer Overflow Vulnerability

25 May 07: Tcl Windows Registry Key Local Buffer Overflow Vulnerability