CVE-2007-5378 Information

Description

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier and 8.3.5 and earlier allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage which triggers the overflow in the ReadImage function a different vulnerability than CVE-2007-5137.

Reference

http://secunia.com/advisories/27207 http://secunia.com/advisories/27295 http://secunia.com/advisories/27801 http://secunia.com/advisories/27806 http://secunia.com/advisories/29070 http://secunia.com/advisories/30129 http://secunia.com/advisories/30535 http://secunia.com/advisories/34297 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 http://www.attrition.org/pipermail/vim/2007-October/001826.html http://www.debian.org/security/2007/dsa-1415 http://www.debian.org/security/2007/dsa-1416 http://www.debian.org/security/2009/dsa-1743 http://www.mandriva.com/security/advisories?name=MDKSA-2007:200 http://www.redhat.com/support/errata/RHSA-2008-0134.html http://www.redhat.com/support/errata/RHSA-2008-0135.html http://www.securityfocus.com/archive/1/493080/100/0/threaded http://www.securityfocus.com/bid/26056 http://www.ubuntu.com/usn/usn-529-1 http://www.vmware.com/security/advisories/VMSA-2008-0009.html http://www.vupen.com/english/advisories/2008/1456/references http://www.vupen.com/english/advisories/2008/1744 https://exchange.xforce.ibmcloud.com/vulnerabilities/37189 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9480 https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997