[Bug 431529] New: CVE-2008-0553 tk: GIF handling buffer overflow
bugzilla at redhat.com
bugzilla at redhat.com
Tue Feb 5 10:50:23 UTC 2008
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=431529
Summary: CVE-2008-0553 tk: GIF handling buffer overflow
Product: Fedora
Version: rawhide
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: perl-Tk
AssignedTo: andreas.bierfert at lowlatency.de
ReportedBy: andreas.bierfert at lowlatency.de
QAContact: extras-qa at fedoraproject.org
CC: andreas.bierfert at lowlatency.de,fedora-perl-devel-
list at redhat.com,mmaslano at redhat.com,wtogami at redhat.com
+++ This bug was initially created as a clone of Bug #431518 +++
tk GIF handling code is based on the same code as used by gd and SDL_image and
is affected by the overflow known as CVE-2006-4484 and CVE-2007-6697.
ReadImage function in tkImgGIF.c does not properly check the value of
initialCodeSize value read from GIF image before using it as upper bound during
the initialization of append array. This can result in stack buffer overflow.
Upstream fix:
http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
This is expected to be included in upstream tk version 8.5.1.
Related issues:
CVE-2006-4484 (gd), CVE-2007-6697 (SDL_image), CVE-2008-0554 (netpbm)
-- Additional comment from thoger at redhat.com on 2008-02-05 03:55 EST --
perl-Tk uses embedded copy of tk source code and is affected by this problem
too. Adding perl-Tk maintainers to the CC list too.
-- Additional comment from mmaslano at redhat.com on 2008-02-05 03:58 EST --
Tk is fixed in rawhide, F-8, F-7. The upstream fix was used.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-perl-devel-list
mailing list