CVE-2007-5137

EPSS 8.0%

libtk-img - arbitrary code execution

Published: 9/28/2007Modified: 4/28/2026

Also known as:DEBIAN-CVE-2007-5137

Description

Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.

Affected packages (2)

Debian/libtk-imgfrom 0, < 1.3-release-8
Debian/libtk-imgfrom 0, < 1:1.3-15etch3

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-5137