[VIM] clarification on multiple Tk overflow issues
Steven M. Christey
coley at mitre.org
Fri Oct 12 00:27:09 UTC 2007
Ubuntu just informed CVE of an older variant of CVE-2007-5137.

CVE-2007-5378 - 8.4.12 and earlier

CVE-2007-5137 - only affects 8.4.13 through 8.4.15; this was an
incorrect or incomplete patch for CVE-2007-5378.

These issues might look the same. My read on it is: for 5378, the
second frame is LARGER than the first; for 5137, the second frame is
SMALLER than the first.

Note that another ID, CVE-2007-4851, was found to be a duplicate of
CVE-2007-5137, so don't use 4851.

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl
(Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute
arbitrary code via multi-frame interlaced GIF files in which later
frames are smaller than the first. NOTE: this issue is due to an
incorrect patch for CVE-2007-5378.

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk
Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows
user-assisted attackers to cause a denial of service (segmentation
fault) via an animated GIF in which the first subimage is smaller than
a subsequent subimage, which triggers the overflow in the ReadImage
function, a different vulnerability than CVE-2007-5137.
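
Added illustration, not part of the original message and not Tk's code: a triage scanner that walks a GIF's blocks and reports later frames whose dimensions are larger or smaller than the first frame's, the two shapes the message distinguishes. The names `gif_frames`, `classify` and `make_gif` are hypothetical, and the sample files are constructed with empty image data.

```python
import struct

def _skip_sub_blocks(data, pos):
    while data[pos]:                      # each sub-block: length byte, then payload
        pos += 1 + data[pos]
    return pos + 1                        # step past the zero-length terminator

def gif_frames(data):
    """Return [(width, height, interlaced), ...], one entry per image descriptor."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos = 13
    if data[10] & 0x80:                   # global color table present
        pos += 3 * (2 << (data[10] & 0x07))
    frames = []
    try:
        while data[pos] != 0x3B:          # 0x3B is the trailer
            if data[pos] == 0x21:         # extension: introducer, label, sub-blocks
                pos = _skip_sub_blocks(data, pos + 2)
            elif data[pos] == 0x2C:       # image descriptor
                _l, _t, w, h, packed = struct.unpack_from("<HHHHB", data, pos + 1)
                frames.append((w, h, bool(packed & 0x40)))
                pos += 10
                if packed & 0x80:         # local color table present
                    pos += 3 * (2 << (packed & 0x07))
                pos = _skip_sub_blocks(data, pos + 1)   # +1 skips LZW min code size
            else:
                raise ValueError("unknown block 0x%02x at %d" % (data[pos], pos))
    except (IndexError, struct.error):
        raise ValueError("truncated GIF") from None
    return frames

def classify(data):
    """Return [(frame_index, 'larger' | 'smaller', interlaced), ...] vs. frame 0."""
    frames = gif_frames(data)
    findings = []
    for i, (w, h, interlaced) in enumerate(frames[1:], 1):
        if w > frames[0][0] or h > frames[0][1]:
            findings.append((i, "larger", interlaced))    # shape in CVE-2007-5378 text
        elif w < frames[0][0] or h < frames[0][1]:
            findings.append((i, "smaller", interlaced))   # shape in CVE-2007-5137 text
    return findings

def make_gif(sizes, interlaced=False):
    """Constructed sample: screen descriptor plus one empty-data frame per size."""
    out = b"GIF89a" + struct.pack("<HHBBB", sizes[0][0], sizes[0][1], 0, 0, 0)
    for w, h in sizes:
        out += b"\x2c" + struct.pack("<HHHHB", 0, 0, w, h, 0x40 if interlaced else 0)
        out += b"\x02\x00"                # LZW min code size, empty sub-block chain
    return out + b"\x3b"
```

A finding only says the file has the frame-size relationship named in one of the two CVE descriptions; whether a given Tk build is affected depends on the version ranges listed in the message.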