Debian Security Advisory DSA 1743-1 (libtk-img)

The remote host is missing an update to libtk-img announced via advisory DSA 1743-1.

Two buffer overflows have been found in the GIF image parsing code of Tk, a cross-platform graphical toolkit, which could lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-5137 It was discovered that libtk-img is prone to a buffer overflow via specially crafted multi-frame interlaced GIF files. CVE-2007-5378 It was discovered that libtk-img is prone to a buffer overflow via specially crafted GIF files with certain subimage sizes. For the stable distribution (lenny), these problems have been fixed in version 1.3-release-7+lenny1. For the oldstable distribution (etch), these problems have been fixed in version 1.3-15etch3. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 1.3-release-8. We recommend that you upgrade your libtk-img packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201743-1