Vulnerability details: VCID-xjwx-te5y-aaaj
Vulnerability ID VCID-xjwx-te5y-aaaj
Aliases CVE-2007-5378
Summary Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers the overflow in the ReadImage function, a different vulnerability than CVE-2007-5137.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0134
rhas Moderate https://access.redhat.com/errata/RHSA-2008:0135
epss 0.01359 https://api.first.org/data/v1/epss?cve=CVE-2007-5378
epss 0.01469 https://api.first.org/data/v1/epss?cve=CVE-2007-5378
epss 0.03587 https://api.first.org/data/v1/epss?cve=CVE-2007-5378
epss 0.038 https://api.first.org/data/v1/epss?cve=CVE-2007-5378
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=332021
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2007-5378
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-5378.json
https://api.first.org/data/v1/epss?cve=CVE-2007-5378
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5378
http://secunia.com/advisories/27207
http://secunia.com/advisories/27295
http://secunia.com/advisories/27801
http://secunia.com/advisories/27806
http://secunia.com/advisories/29070
http://secunia.com/advisories/30129
http://secunia.com/advisories/30535
http://secunia.com/advisories/34297
https://exchange.xforce.ibmcloud.com/vulnerabilities/37189
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9480
https://sourceforge.net/tracker/?func=detail&atid=112997&aid=1458234&group_id=12997
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1
http://www.attrition.org/pipermail/vim/2007-October/001826.html
http://www.debian.org/security/2007/dsa-1415
http://www.debian.org/security/2007/dsa-1416
http://www.debian.org/security/2009/dsa-1743
http://www.mandriva.com/security/advisories?name=MDKSA-2007:200
http://www.redhat.com/support/errata/RHSA-2008-0134.html
http://www.redhat.com/support/errata/RHSA-2008-0135.html
http://www.securityfocus.com/archive/1/493080/100/0/threaded
http://www.securityfocus.com/bid/26056
http://www.ubuntu.com/usn/usn-529-1
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
http://www.vupen.com/english/advisories/2008/1456/references
http://www.vupen.com/english/advisories/2008/1744
332021 https://bugzilla.redhat.com/show_bug.cgi?id=332021
446465 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446465
cpe:2.3:a:tcl_tk:tk_toolkit:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:tcl_tk:tk_toolkit:*:*:*:*:*:*:*:*
CVE-2007-5378 https://nvd.nist.gov/vuln/detail/CVE-2007-5378
RHSA-2008:0134 https://access.redhat.com/errata/RHSA-2008:0134
RHSA-2008:0135 https://access.redhat.com/errata/RHSA-2008:0135
USN-529-1 https://usn.ubuntu.com/529-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2007-5378
Exploit Prediction Scoring System (EPSS)
Percentile 0.79077
EPSS Score 0.01359
Published At April 26, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.