Vulnerability details: VCID-x12a-exzb-aaae
Vulnerability ID: VCID-x12a-exzb-aaae
Aliases: CVE-2007-5137
Summary: Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this issue is due to an incorrect patch for CVE-2007-5378.
Status: Published
Exploitability: 0.5
Weighted Severity: 6.2
Risk: 3.1
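The summary gives the bug in one sentence: an interlaced GIF decoder writing rows of a later, smaller frame into a buffer whose row layout was derived from a larger first frame. The following toy decoder is an added illustration, not Tk's code and not part of this VulnerableCode record. It assumes a simplified model chosen for the example (pixel buffer sized from the current frame's declared height, interlace row schedule driven by the taller first frame); the real control flow in tkImgGIF.c differs and is not reproduced. The interlace pass table is the GIF89a one; the frame sizes (32 rows, then 8) and pixel data are constructed. It shows the unchecked write beside the bounds-checked version and a triage helper that counts how many scheduled rows would fall outside the buffer.

```c
/*
 * Added illustration, not Tk's code and not part of this record: a toy
 * decoder for multi-frame interlaced images with the shape of the bug class
 * the summary describes. Assumed model: the pixel buffer is sized from the
 * current frame's declared height while the interlace row schedule is driven
 * by the taller first frame, so a later, smaller frame receives destination
 * rows past the end of its buffer unless each row is bounds-checked. The real
 * control flow in tkImgGIF.c is not reproduced. All input is constructed.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* GIF89a interlace order: four passes, each with a start row and a stride. */
static const int PASS_START[4] = {0, 4, 2, 1};
static const int PASS_STEP[4]  = {8, 8, 4, 2};

typedef struct {
    int width, height;
    unsigned char *pixels;  /* width * height bytes, one byte per pixel */
} frame_t;

static frame_t *frame_alloc(int width, int height)
{
    frame_t *f = calloc(1, sizeof *f);
    if (f == NULL) return NULL;
    f->width = width; f->height = height;
    f->pixels = calloc((size_t)width * (size_t)height, 1);
    if (f->pixels == NULL) { free(f); f = NULL; }
    return f;
}

static void frame_free(frame_t *f)
{
    if (f != NULL) { free(f->pixels); free(f); }
}

/* Vulnerable shape: destination row y is trusted. With sched_height taken from
 * a taller first frame, memcpy runs past f->pixels. Shown for contrast only. */
int decode_interlaced_unchecked(frame_t *f, int sched_height,
                                const unsigned char *src)
{
    int pass, y, n = 0;
    for (pass = 0; pass < 4; pass++)
        for (y = PASS_START[pass]; y < sched_height; y += PASS_STEP[pass], n++)
            memcpy(f->pixels + (size_t)y * f->width,
                   src + (size_t)n * f->width, (size_t)f->width);
    return n;
}

/* Hardened: return -1 the moment a scheduled row would land outside the
 * buffer allocated for this frame; otherwise the number of rows written. */
int decode_interlaced_checked(frame_t *f, int sched_height,
                              const unsigned char *src)
{
    int pass, y, n = 0;
    for (pass = 0; pass < 4; pass++)
        for (y = PASS_START[pass]; y < sched_height; y += PASS_STEP[pass], n++) {
            if (y >= f->height)
                return -1;
            memcpy(f->pixels + (size_t)y * f->width,
                   src + (size_t)n * f->width, (size_t)f->width);
        }
    return n;
}

/* Triage helper: the schedule visits every row once, so this is exactly the
 * number of out-of-bounds row writes the unchecked decoder would perform. */
int rows_outside_buffer(int sched_height, int frame_height)
{
    int pass, y, bad = 0;
    for (pass = 0; pass < 4; pass++)
        for (y = PASS_START[pass]; y < sched_height; y += PASS_STEP[pass])
            if (y >= frame_height) bad++;
    return bad;
}

/* Constructed source data: sched_height rows of 'width' bytes, row n filled
 * with n, fed to the checked decoder for a frame_height-row frame. Returns the
 * decoder result, or -2 on allocation failure. */
int decode_example(int sched_height, int frame_height, int width)
{
    frame_t *f = frame_alloc(width, frame_height);
    unsigned char *src = malloc((size_t)sched_height * (size_t)width);
    int n, rc = -2;
    if (f != NULL && src != NULL) {
        for (n = 0; n < sched_height; n++)
            memset(src + (size_t)n * width, n & 0xff, (size_t)width);
        rc = decode_interlaced_checked(f, sched_height, src);
    }
    free(src);
    frame_free(f);
    return rc;
}

int main(void)
{
    /* Constructed file: first frame 32 rows tall, a later frame only 8. */
    printf("out-of-bounds row writes by the unchecked decoder: %d\n",
           rows_outside_buffer(32, 8));                 /* 24 */
    printf("checked decoder on the smaller frame: %d\n",
           decode_example(32, 8, 16));                  /* -1 */
    printf("checked decoder with a matching schedule: %d\n",
           decode_example(8, 8, 16));                   /* 8 */
    return 0;
}
```

Build with `cc -Wall -o gif_rows gif_rows.c` and run it. The check in decode_interlaced_checked is the whole fix: the destination row must be compared against the height of the buffer that was actually allocated, not against whatever height the schedule was derived from.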
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0136
epss 0.08048 https://api.first.org/data/v1/epss?cve=CVE-2007-5137
epss 0.12011 https://api.first.org/data/v1/epss?cve=CVE-2007-5137
epss 0.17147 https://api.first.org/data/v1/epss?cve=CVE-2007-5137
epss 0.33547 https://api.first.org/data/v1/epss?cve=CVE-2007-5137
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=290991
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2007-5137
Reference id Reference type URL
http://bugs.gentoo.org/show_bug.cgi?id=192539
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5137.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5137
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5137
http://secunia.com/advisories/26942
http://secunia.com/advisories/27086
http://secunia.com/advisories/27182
http://secunia.com/advisories/27207
http://secunia.com/advisories/27229
http://secunia.com/advisories/27295
http://secunia.com/advisories/29069
http://secunia.com/advisories/34297
http://security.gentoo.org/glsa/glsa-200710-07.xml
http://sourceforge.net/project/shownotes.php?release_id=541207
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9540
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00261.html
http://www.attrition.org/pipermail/vim/2007-October/001826.html
http://www.debian.org/security/2009/dsa-1743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
http://www.novell.com/linux/security/advisories/2007_20_sr.html
http://www.redhat.com/support/errata/RHSA-2008-0136.html
http://www.securityfocus.com/bid/25826
http://www.ubuntu.com/usn/usn-529-1
290991 https://bugzilla.redhat.com/show_bug.cgi?id=290991
cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tcl_tk:tcl_tk:8.4.13:*:*:*:*:*:*:*
cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tcl_tk:tcl_tk:8.4.14:*:*:*:*:*:*:*
cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tcl_tk:tcl_tk:8.4.15:*:*:*:*:*:*:*
CVE-2007-5137 https://nvd.nist.gov/vuln/detail/CVE-2007-5137
RHSA-2008:0136 https://access.redhat.com/errata/RHSA-2008:0136
USN-529-1 https://usn.ubuntu.com/529-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5137
Access Vector (AV): network
Access Complexity (AC): medium
Authentication (Au): none
Confidentiality Impact (C): partial
Integrity Impact (I): partial
Availability Impact (A): partial
Exploitability (E): not_defined (the vector carries no temporal metrics)
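The cvssv2 row above gives 6.8 for this vector without showing where the number comes from. The following is an added worked example, not code from this page or from VulnerableCode: a small CVSS v2 base-score calculator that parses a vector string, applies the v2 equations (impact, exploitability, f(impact), rounding to one decimal) and reproduces the 6.8 for AV:N/AC:M/Au:N/C:P/I:P/A:P. It is a general v2 calculator, so it also handles the other vectors in the test below; the metric weights are those of the CVSS v2 specification, and the parsing rules (metrics in any order, each exactly once, no surrounding parentheses) are this example's own.

```c
/*
 * Added worked example, not code from this page or from VulnerableCode:
 * computes a CVSS v2 base score from its vector string with the v2
 * equations and reproduces the 6.8 NVD assigned to AV:N/AC:M/Au:N/C:P/I:P/A:P.
 */
#include <stdio.h>
#include <string.h>

static const char *const METRIC[6] = {"AV", "AC", "Au", "C", "I", "A"};

/* CVSS v2 metric weights; -1 for an unknown value letter. */
static double weight(int metric, char v)
{
    switch (metric) {
    case 0:  return v == 'L' ? 0.395 : v == 'A' ? 0.646 : v == 'N' ? 1.0   : -1; /* AV */
    case 1:  return v == 'H' ? 0.35  : v == 'M' ? 0.61  : v == 'L' ? 0.71  : -1; /* AC */
    case 2:  return v == 'M' ? 0.45  : v == 'S' ? 0.56  : v == 'N' ? 0.704 : -1; /* Au */
    default: return v == 'N' ? 0.0   : v == 'P' ? 0.275 : v == 'C' ? 0.660 : -1; /* C/I/A */
    }
}

/* Parses "AV:x/AC:x/Au:x/C:x/I:x/A:x" (metrics in any order, each exactly
 * once) and returns the base score rounded to one decimal, or -1 if the
 * vector is malformed. Parsing rules are this example's own assumption. */
double cvss2_base_score(const char *vector)
{
    char buf[64];
    double w[6], impact, exploitability, f, base;
    int seen = 0, i;
    char *tok;

    if (strlen(vector) >= sizeof buf) return -1;
    strcpy(buf, vector);
    for (tok = strtok(buf, "/"); tok != NULL; tok = strtok(NULL, "/")) {
        char *colon = strchr(tok, ':');
        if (colon == NULL || colon[1] == '\0' || colon[2] != '\0') return -1;
        *colon = '\0';
        for (i = 0; i < 6 && strcmp(tok, METRIC[i]) != 0; i++)
            ;
        if (i == 6 || (seen & (1 << i))) return -1;   /* unknown or repeated */
        w[i] = weight(i, colon[1]);
        if (w[i] < 0) return -1;
        seen |= 1 << i;
    }
    if (seen != 0x3f) return -1;                      /* a metric is missing */

    /* CVSS v2 base equations */
    impact = 10.41 * (1 - (1 - w[3]) * (1 - w[4]) * (1 - w[5]));
    exploitability = 20 * w[0] * w[1] * w[2];
    f = impact == 0 ? 0 : 1.176;
    base = (0.6 * impact + 0.4 * exploitability - 1.5) * f;
    return (double)(long)(base * 10 + 0.5) / 10;      /* round half up, 1 decimal */
}

int main(void)
{
    const char *v = "AV:N/AC:M/Au:N/C:P/I:P/A:P";     /* vector from this record */
    printf("%s -> %.1f\n", v, cvss2_base_score(v));   /* 6.8 */
    return 0;
}
```

For this record the intermediate values are impact 6.44, exploitability 8.59, and (0.6 × 6.44 + 0.4 × 8.59 − 1.5) × 1.176 = 6.82, which rounds to the 6.8 shown in the severity table. Because the vector scores C, I and A only as partial, the 6.8 understates a bug the summary describes as remote code execution; the Red Hat "Moderate" rating and the EPSS score are the other signals worth weighing when prioritising.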

Exploit Prediction Scoring System (EPSS)
Percentile 0.91323
EPSS Score 0.08048
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.