Vulnerability Details : CVE-2008-0553
Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-0553
- cpe:2.3:a:tcl_tk:tcl_tk:*:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5_a3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4a3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.6p2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.7:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:4.0p1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5b2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5b1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.12:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.11:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4b2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4b1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5b3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4a2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.6:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.5p1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.16:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a6:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.5a3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.4a4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:8.0p2:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:tcl_tk:tcl_tk:6.1p1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0553
16.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0553
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-0553
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0553
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
-
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
VMSA-2008-0009.2
-
https://bugzilla.redhat.com/show_bug.cgi?id=431518
431518 – (CVE-2008-0553) CVE-2008-0553 tk: GIF handling buffer overflow
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:041
Mandriva
-
http://www.securityfocus.com/archive/1/493080/100/0/threaded
-
http://wiki.rpath.com/Advisories:rPSA-2008-0054
-
http://www.vupen.com/english/advisories/2008/1456/references
Site en constructionVendor Advisory
-
http://ubuntu.com/usn/usn-664-1
USN-664-1: Tk vulnerability | Ubuntu security notices | Ubuntu
-
http://www.debian.org/security/2008/dsa-1491
[SECURITY] [DSA 1491-1] New tk8.4 packages fix arbitrary code execution
-
http://www.vupen.com/english/advisories/2008/1744
Webmail: access your OVH emails on ovhcloud.com | OVHcloudVendor Advisory
-
https://issues.rpath.com/browse/RPL-2215
-
http://www.vupen.com/english/advisories/2008/0430
Site en constructionVendor Advisory
-
http://www.debian.org/security/2008/dsa-1490
[SECURITY] [DSA 1490-1] New tk8.3 packages fix arbitrary code execution
-
http://securitytracker.com/id?1019309
GoDaddy Domain Name Search
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html
[SECURITY] Fedora 8 Update: perl-Tk-804.028-3.fc8
-
http://www.redhat.com/support/errata/RHSA-2008-0135.html
Support
-
http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894
Tcl download | SourceForge.net
-
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
[security-announce] SUSE Security Summary Report SUSE-SR:2008:08 - openSUSE Security Announce - openSUSE Mailing Lists
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html
[SECURITY] Fedora 8 Update: tk-8.4.17-2.fc8
-
http://www.securityfocus.com/bid/27655
Patch
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098
404 Not Found
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html
[SECURITY] Fedora 7 Update: tk-8.4.13-7.fc7
-
http://www.redhat.com/support/errata/RHSA-2008-0136.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html
[SECURITY] Fedora 7 Update: perl-Tk-804.028-3.fc7
-
http://www.debian.org/security/2008/dsa-1598
[SECURITY] [DSA 1598-1] New libtk-img packages fix arbitrary code execution
-
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html
[SECURITY] Fedora 7 Update: tkimg-1.3-0.8.20080505svn.fc7
-
http://www.redhat.com/support/errata/RHSA-2008-0134.html
Support
-
http://www.securityfocus.com/archive/1/488069/100/0/threaded
-
http://www.novell.com/linux/security/advisories/2008_13_sr.html
404 Page Not Found | SUSE
Jump to