blob: dbbab17b539f8eba869730d45aebf142def7dcf5 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200710-07">
<title>Tk: Buffer overflow</title>
A buffer overflow vulnerability has been discovered in Tk.
<product type="ebuild">tk</product>
<announced>October 07, 2007</announced>
<revised>October 07, 2007: 01</revised>
<package name="dev-lang/tk" auto="yes" arch="*">
<unaffected range="ge">8.4.15-r1</unaffected>
<vulnerable range="lt">8.4.15-r1</vulnerable>
Tk is a toolkit for creating graphical user interfaces.
Reinhard Max discovered a boundary error in Tk when processing an
interlaced GIF with two frames where the second is smaller than the
first one.
<impact type="normal">
A remote attacker could entice a user to open a specially crafted GIF
image with a Tk-based software, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All Tk users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-lang/tk-8.4.15-r1&quot;</code>
<uri link="">CVE-2007-4851</uri>
<metadata tag="requester" timestamp="Tue, 25 Sep 2007 09:49:33 +0000">
<metadata tag="bugReady" timestamp="Tue, 25 Sep 2007 09:49:45 +0000">
<metadata tag="submitter" timestamp="Tue, 02 Oct 2007 20:07:14 +0000">