|TCL/TK Tk工具包ReadImage()函数GIF文件解析栈溢出漏洞

TCL/TK Tk工具包ReadImage()函数GIF文件解析栈溢出漏洞

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

BUGTRAQ ID: 27655 CVE(CAN) ID: CVE-2008-0553 Tcl是一种简明，高效，可移植的编程语言。在Tcl的Tk工具包中，tkImgGIF.c文件的ReadImage()函数没有正确地验证从GIF图形中所读取的initialCodeSize值。如果用户受骗打开了恶意的GIF图形文件的话，就可能触发栈溢出，导致执行任意指令。 John Ousterhout Tcl < 8.5.1 厂商补丁： Debian ------ Debian已经为此发布了一个安全公告（DSA-1491-1）以及相应补丁: DSA-1491-1：New tk8.4 packages fix arbitrary code execution 链接：<a href=http://www.debian.org/security/2008/dsa-1491 target=_blank>http://www.debian.org/security/2008/dsa-1491</a> 补丁下载： Source archives: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9.orig.tar.gz</a> Size/MD5 checksum: 3266500 1b64258abaf258e9a86f331d8de17a71 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.diff.gz</a> Size/MD5 checksum: 19342 41a2a5bc9b62ecb6bbae8ef6bf9cc23d <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2.dsc</a> Size/MD5 checksum: 672 591b8bd996be45daee43dcb0cd1f8815 Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge2_all.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.9-1sarge2_all.deb</a> Size/MD5 checksum: 775312 89ad74c73bdfed9b2811a05a08b5fe92 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_alpha.deb</a> Size/MD5 checksum: 940460 5118b63aafb55fd885d6360361e39e7c <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_alpha.deb</a> Size/MD5 checksum: 1031446 68fefac513706a03f7c7fb7fcd04d9b9 amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_amd64.deb</a> Size/MD5 checksum: 810124 632854f78763d41d1b9d65b5da1b2909 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_amd64.deb</a> Size/MD5 checksum: 976424 21a43a779b8ed88bc57a37b779380caa arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_arm.deb</a> Size/MD5 checksum: 823992 161c57a5130d0be1a0538531b33b344c <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_arm.deb</a> Size/MD5 checksum: 945242 357bd0c48a6582112b2266d4e816e3e7 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_hppa.deb</a> Size/MD5 checksum: 912888 10d8447e4958053c0c6526e4da09e0fb <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_hppa.deb</a> Size/MD5 checksum: 1046614 3c2f17f53f9556f47c953d96495c4a40 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_i386.deb</a> Size/MD5 checksum: 956188 e5622c965da1e8d140f2e4f200133d00 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_i386.deb</a> Size/MD5 checksum: 793374 1c69c159005de29b0972924005776eb8 ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_ia64.deb</a> Size/MD5 checksum: 1053448 3d8a54d72c65db72771171b86a4a12fa <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_ia64.deb</a> Size/MD5 checksum: 1182510 050234d3ee71b5aca66e9a743804239c m68k architecture (Motorola Mc680x0) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_m68k.deb</a> Size/MD5 checksum: 696458 35db6210d983f12250e0970c17b2e31b <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_m68k.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_m68k.deb</a> Size/MD5 checksum: 909280 9c61aac16b366c5c05eedb2022e72ed6 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mips.deb</a> Size/MD5 checksum: 838884 f4509833e2022ff4c9251526697db137 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mips.deb</a> Size/MD5 checksum: 974098 ebedb583012e093aafeeb2185ddd20cf mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_mipsel.deb</a> Size/MD5 checksum: 834690 6dadf0e560251c7c3374e7084e8da83b <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_mipsel.deb</a> Size/MD5 checksum: 972004 d66acaffd44af8463f74710a7601fefd powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_powerpc.deb</a> Size/MD5 checksum: 972350 f4a9e8bf74f42b25c34db8f1568c9d8d <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_powerpc.deb</a> Size/MD5 checksum: 810052 e9701b9dca60a3fdd84c46c1f555dd83 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_s390.deb</a> Size/MD5 checksum: 807464 d4d73b1478eae680b2003fdec6f4ceb3 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_s390.deb</a> Size/MD5 checksum: 979890 8bfb0cc0fd20a4b0d8487df2e692add8 sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.9-1sarge2_sparc.deb</a> Size/MD5 checksum: 958298 31f02fcdbb4063289c50e3e92cef6378 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.9-1sarge2_sparc.deb</a> Size/MD5 checksum: 806214 3cb0e95afa875185fe457ef7d317f9db Debian 4.0 (stable) - ------------------- Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.dsc target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.dsc</a> Size/MD5 checksum: 673 8a67dd58d45ad9c4705102a2de8d6987 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12.orig.tar.gz</a> Size/MD5 checksum: 3245547 316491cb82d898b434842353aed1f0d6 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.diff.gz target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2.diff.gz</a> Size/MD5 checksum: 21747 77aa57e251bf839048c9048af5ba20ad Architecture independent packages: <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch2_all.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-doc_8.4.12-1etch2_all.deb</a> Size/MD5 checksum: 788438 d8614ab0eeaea332d7f85b7635093c98 alpha architecture (DEC Alpha) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_alpha.deb</a> Size/MD5 checksum: 968030 3fc751321940ad0bbc2322e48b6e8339 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_alpha.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_alpha.deb</a> Size/MD5 checksum: 1050864 c3dc809a22c8690810ef707a52f8b1fe amd64 architecture (AMD x86_64 (AMD64)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_amd64.deb</a> Size/MD5 checksum: 1008902 80d89dcf9bc8d600269584bbe2f28e91 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_amd64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_amd64.deb</a> Size/MD5 checksum: 839362 58db7235b1da2ea5e3ee391f8224c5f3 arm architecture (ARM) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_arm.deb</a> Size/MD5 checksum: 793906 375b065e080b63584ab7ee902d4e70e0 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_arm.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_arm.deb</a> Size/MD5 checksum: 971658 226561f98ba563d0903a60f1f694fef7 hppa architecture (HP PA RISC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_hppa.deb</a> Size/MD5 checksum: 1073442 46ecf3cef8d61feba191f9c9d3f5cc2e <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_hppa.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_hppa.deb</a> Size/MD5 checksum: 931724 00de88d90abc1ec6424b5d0addf6b1c4 i386 architecture (Intel ia32) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_i386.deb</a> Size/MD5 checksum: 977632 015be44e613a751af013c706c0b87ab2 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_i386.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_i386.deb</a> Size/MD5 checksum: 820786 586b4a3739f1c4f658e13e70f851d57c ia64 architecture (Intel ia64) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_ia64.deb</a> Size/MD5 checksum: 1136290 b98650c6ecab03b0fee872e1907411c5 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_ia64.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_ia64.deb</a> Size/MD5 checksum: 1259618 d69ea6067cdb6528be0cd686b5c00696 mips architecture (MIPS (Big Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mips.deb</a> Size/MD5 checksum: 877896 cf9a61ae0049a26815e56ab2ab02dd87 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mips.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mips.deb</a> Size/MD5 checksum: 1000308 149a697aa365874121d524b5f6614d50 mipsel architecture (MIPS (Little Endian)) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_mipsel.deb</a> Size/MD5 checksum: 999208 4d12b599580d276d09b940defe2456da <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mipsel.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_mipsel.deb</a> Size/MD5 checksum: 875858 4beeaf45a820b04da0d488246d518c79 powerpc architecture (PowerPC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_powerpc.deb</a> Size/MD5 checksum: 998938 49b55bf5805216d61f976585c8528b14 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_powerpc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_powerpc.deb</a> Size/MD5 checksum: 807072 a68c5a00c1d17b0f8070b70f91edca11 s390 architecture (IBM S/390) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_s390.deb</a> Size/MD5 checksum: 1016866 020ee08295df231dba7100d68f4306b1 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_s390.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_s390.deb</a> Size/MD5 checksum: 847188 6bfb7c319ef6bf4a1cff60a291b32cca sparc architecture (Sun SPARC/UltraSPARC) <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4_8.4.12-1etch2_sparc.deb</a> Size/MD5 checksum: 978996 16b0c114b0feb65c39b7d453b294a348 <a href=http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_sparc.deb target=_blank>http://security.debian.org/pool/updates/main/t/tk8.4/tk8.4-dev_8.4.12-1etch2_sparc.deb</a> Size/MD5 checksum: 826650 baaac055088de0ea43775911f1d6c009 补丁安装方法： 1. 手工安装补丁包：首先，使用下面的命令来下载补丁软件： # wget url (url是补丁下载链接地址) 然后，使用下面的命令来安装补丁： # dpkg -i file.deb (file是相应的补丁名) 2. 使用apt-get自动安装补丁包：首先，使用下面的命令更新内部数据库： # apt-get update 然后，使用下面的命令安装更新软件包： # apt-get upgrade RedHat ------ RedHat已经为此发布了一个安全公告（RHSA-2008:0136-01）以及相应补丁: RHSA-2008:0136-01：Moderate: tk security update 链接：<a href=https://www.redhat.com/support/errata/RHSA-2008-0136.html target=_blank>https://www.redhat.com/support/errata/RHSA-2008-0136.html</a> John Ousterhout --------------- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www.tcl.tk/software/tcltk/download.html target=_blank>http://www.tcl.tk/software/tcltk/download.html</a>

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™