PublicDate: 2008-02-07 21:00:00 UTC
Candidate: CVE-2008-0553
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0553
 https://ubuntu.com/security/notices/USN-664-1
Description:
 Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk
 (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via
 a crafted GIF image, a similar issue to CVE-2006-4484.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/191204
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_tk8.4:
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0135.html
 vendor: http://www.debian.org/security/2008/dsa-1491
 vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=464056
 upstream: http://tktoolkit.cvs.sourceforge.net/tktoolkit/tk/generic/tkImgGIF.c?r1=1.40&r2=1.41
upstream_tk8.4: needs-triage
dapper_tk8.4: released (8.4.12-0ubuntu1.2)
edgy_tk8.4: needed (reached end-of-life)
feisty_tk8.4: needed (reached end-of-life)
gutsy_tk8.4: released (8.4.15-1ubuntu1.1)
hardy_tk8.4: released (8.4.16-2ubuntu1.1)
intrepid_tk8.4: not-affected (8.4.19-1)
devel_tk8.4: not-affected (8.4.19-1)

Patches_tk8.5:
upstream_tk8.5: not-affected (8.5.1)
dapper_tk8.5: DNE
edgy_tk8.5: DNE
feisty_tk8.5: DNE
gutsy_tk8.5: DNE
hardy_tk8.5: released (8.5.0-3)
intrepid_tk8.5: released (8.5.0-3)
devel_tk8.5: released (8.5.0-3)

Patches_tk8.3:
 vendor: https://rhn.redhat.com/errata/RHSA-2008-0134.html
 vendor: http://www.debian.org/security/2008/dsa-1490
upstream_tk8.3: needs-triage
dapper_tk8.3: released (8.3.5-4ubuntu1.2)
edgy_tk8.3: needed (reached end-of-life)
feisty_tk8.3: needed (reached end-of-life)
gutsy_tk8.3: released (8.3.5-6ubuntu3.1)
hardy_tk8.3: released (8.3.5-12)
intrepid_tk8.3: released (8.3.5-12)
devel_tk8.3: released (8.3.5-12)

Patches_tk8.0:
upstream_tk8.0: needs-triage
dapper_tk8.0: released (8.0.5-11ubuntu0.1)
edgy_tk8.0: DNE
feisty_tk8.0: DNE
gutsy_tk8.0: DNE
hardy_tk8.0: DNE
intrepid_tk8.0: DNE
devel_tk8.0: DNE