[VIM] clarification on multiple Tk overflow issues

Nikns Siankin nikns at secure.lv
Fri Oct 12 08:27:59 UTC 2007

On Thu, Oct 11, 2007 at 08:27:09PM -0400, Steven M. Christey wrote:
>CVE-2007-5378 - 8.4.12 and earlier
>CVE-2007-5137 - only affects 8.4.13 through 8.4.15; this was an
>incorrect or incomplete patch for CVE-2007-5378.

Hi, Steve!
Why does http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378 is inaccessible?

>Name: CVE-2007-5137
>Status: Candidate
>URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
>Reference: MISC:http://bugs.gentoo.org/show_bug.cgi?id=192539
>Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=541207
>Reference: GENTOO:GLSA-200710-07
>Reference: URL:http://security.gentoo.org/glsa/glsa-200710-07.xml
>Reference: BID:25826
>Reference: URL:http://www.securityfocus.com/bid/25826
>Reference: SECUNIA:26942
>Reference: URL:http://secunia.com/advisories/26942
>Reference: SECUNIA:27086
>Reference: URL:http://secunia.com/advisories/27086
>Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl
>(Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute
>arbitrary code via multi-frame interlaced GIF files in which later
>frames are smaller than the first.  NOTE: this issue is due to an
>incorrect patch for CVE-2007-5378.
>Name: CVE-2007-5378
>Status: Candidate
>URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
>Reference: CONFIRM:https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997
>Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk
>Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows
>user-assisted attackers to cause a denial of service (segmentation
>fault) via an animated GIF in which the first subimage is smaller than
>a subsequent subimage, which triggers the overflow in the ReadImage
>function, a different vulnerability than CVE-2007-5137.

More information about the VIM mailing list