Tk: Buffer overflow
Gentoo Linux Security Advisory
||GLSA 200710-07 / tk
||October 07, 2007
||October 07, 2007: 01
All supported architectures
A buffer overflow vulnerability has been discovered in Tk.
Tk is a toolkit for creating graphical user interfaces.
Reinhard Max discovered a boundary error in Tk when processing an
interlaced GIF with two frames where the second is smaller than the
A remote attacker could entice a user to open a specially crafted GIF
image with a Tk-based software, possibly resulting in the execution of
arbitrary code with the privileges of the user running the application.
There is no known workaround at this time.
All Tk users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/tk-8.4.15-r1"