Tk GIF Processing Remote Buffer Overflow Vulnerability

 

Release Date: 06/02/2008
Severity: Moderately Critical
SecWatch Advisory: SWID1020289
Cause: Boundary error
Solution Status: Vendor Patch
Impact: Denial of service, Execution of arbitrary code
Exploit Status: None Available
Access Vector: From remote
 
Affected Software: Tcl/Tk 8.x
 
Original Advisory: http://sourceforge.net/project/shownotes.php?release_id=573933&group_i..
CVE: CVE-2008-0553
Secunia: SA28784

 

Description:

A vulnerability in Tk has been reported, which can potentially be exploited by remote users to compromise an affected system.

A boundary error exists when processing crafted GIF images in the "ReadImage()" function within tkImgGIF.c, which can be exploited to cause a stack-based buffer overflow and execute arbitrary code.

 

Affected:

Tk version 8.5.1 and prior.

 

Solution:

The vulnerability has been fixed in version 8.5.1, available from:
http://www.tcl.tk/software/tcl...k/software/tcltk/download.html

 

Credits:

Reported by vendor.

 
