Package: tk8.3
Version: 8.3.5-4
Severity: grave
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for tk8.3.

CVE-2007-5137[0]:
| Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl
| (Tcl/Tk) before 8.4.16 allows remote attackers to execute arbitrary
| code via multi-frame interlaced GIF files in which later frames are
| smaller than the first.

If you fix this vulnerability please also include the CVE id in your changelog entry.

Attached is a patch to fix this vulnerability.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137

Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- tkImgGIF.c 2002-03-26 03:29:01.000000000 +0100 +++ tkImgGIF.new.c 2007-10-04 20:40:09.000000000 +0200 @@ -960,7 +960,7 @@ /* If interlacing, the next ypos is not just +1 */ if (interlace) { ypos += interlaceStep[pass]; - while (ypos >= height) { + while (ypos >= rows) { pass++; if (pass > 3) { return TCL_OK;
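Review bot: the fix hinges on `rows` being the current frame's own row count rather than the overall image `height`, but nothing in the hunk's context shows where `rows` comes from; the patch should carry a header stating that (and naming CVE-2007-5137, as the mail asks for the changelog), so a reviewer does not have to read the whole of ReadImage to confirm the bound is the right one. Since the comment "If interlacing, the next ypos is not just +1" implies a separate non-interlaced path, it is also worth confirming that that path and the column (xpos) handling are already bounded by the frame dimensions, because this hunk only changes the interlaced ypos wrap check.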
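The interlaced row advance that the hunk patches, as an added illustration that is not part of Nico's mail or of Tk itself: a small C simulation of the wrap check with the two candidate bounds, showing why comparing against the image height lets a smaller later frame write rows past its own buffer. The interlace tables are the standard GIF89a schedule; the 16-row image / 4-row frame sizes are constructed.

```c
#include <stdio.h>

/* Standard GIF89a interlace schedule: pass 0 covers rows 0,8,16,...;
 * pass 1 rows 4,12,...; pass 2 rows 2,6,10,...; pass 3 rows 1,3,5,... */
static const int interlaceStart[4] = {0, 4, 2, 1};
static const int interlaceStep[4]  = {8, 8, 4, 2};

/* Simulates the interlaced row-advance logic for one frame of `rows` rows.
 * `bound` is what the wrap-around check compares ypos against: the unpatched
 * decoder used the overall image height there, the patch uses the frame's
 * own row count. Each visited row index is stored in out[] (if non-NULL).
 * Returns how many visited indices fall outside [0, rows), i.e. rows that a
 * real decoder would write past the frame buffer. */
int simulate_interlace(int rows, int bound, int *out)
{
    int ypos = 0, pass = 0, oob = 0, n;

    for (n = 0; n < rows; n++) {        /* one row of pixel data per iteration */
        if (out)
            out[n] = ypos;
        if (ypos >= rows)
            oob++;                      /* this row write would be out of bounds */
        ypos += interlaceStep[pass];    /* interlaced: next ypos is not just +1 */
        while (ypos >= bound) {         /* the comparison the patch changes */
            pass++;
            if (pass > 3)
                return oob;             /* decoder stops here (TCL_OK in Tk) */
            ypos = interlaceStart[pass];
        }
    }
    return oob;
}

int main(void)
{
    int order[4], i, bad;

    /* Constructed case: first frame 16 rows tall, this later frame only 4. */
    bad = simulate_interlace(4, 16, order);    /* bound = image height */
    printf("bound=image height: %d of 4 rows out of range, order:", bad);
    for (i = 0; i < 4; i++) printf(" %d", order[i]);
    printf("\n");

    bad = simulate_interlace(4, 4, order);     /* bound = frame rows (patched) */
    printf("bound=frame rows:   %d of 4 rows out of range, order:", bad);
    for (i = 0; i < 4; i++) printf(" %d", order[i]);
    printf("\n");
    return 0;
}
```

With the image height as bound the 4-row frame visits rows 0, 8, 4, 12 (three of them outside the frame); with the frame's own row count it visits 0, 2, 1, 3.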