Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-0553

Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in Tk (Tcl/Tk) before 8.5.1 allows remote attackers to execute arbitrary code via a crafted GIF image, a similar issue to CVE-2006-4484.

Security Impact Summary

CVE-2008-0553 is a security vulnerability that . Impacting 1 product from tcl_tk organizations running these solutions should prioritize assessment and patching.

Historical Context

Originally identified in 2008, this vulnerability predates many modern security frameworks and practices. The vulnerability landscape of that era was characterized by different threat models and less mature defense mechanisms compared to contemporary standards.

Published

2008-02-07T21:00:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	tcl_tk	tcl_tk	≤ 8.4.17	Yes
Application	tcl_tk	tcl_tk	2.1	Yes
Application	tcl_tk	tcl_tk	3.3	Yes
Application	tcl_tk	tcl_tk	4.0p1	Yes
Application	tcl_tk	tcl_tk	6.1	Yes
Application	tcl_tk	tcl_tk	6.1p1	Yes
Application	tcl_tk	tcl_tk	6.2	Yes
Application	tcl_tk	tcl_tk	6.4	Yes
Application	tcl_tk	tcl_tk	6.5	Yes
Application	tcl_tk	tcl_tk	6.6	Yes
Application	tcl_tk	tcl_tk	6.7	Yes
Application	tcl_tk	tcl_tk	7.0	Yes
Application	tcl_tk	tcl_tk	7.1	Yes
Application	tcl_tk	tcl_tk	7.3	Yes
Application	tcl_tk	tcl_tk	7.4	Yes
Application	tcl_tk	tcl_tk	7.5	Yes
Application	tcl_tk	tcl_tk	7.5p1	Yes
Application	tcl_tk	tcl_tk	7.6	Yes
Application	tcl_tk	tcl_tk	7.6p2	Yes
Application	tcl_tk	tcl_tk	8.0	Yes
Application	tcl_tk	tcl_tk	8.0.3	Yes
Application	tcl_tk	tcl_tk	8.0.4	Yes
Application	tcl_tk	tcl_tk	8.0.5	Yes
Application	tcl_tk	tcl_tk	8.0p2	Yes
Application	tcl_tk	tcl_tk	8.1	Yes
Application	tcl_tk	tcl_tk	8.1.1	Yes
Application	tcl_tk	tcl_tk	8.2.0	Yes
Application	tcl_tk	tcl_tk	8.2.1	Yes
Application	tcl_tk	tcl_tk	8.2.2	Yes
Application	tcl_tk	tcl_tk	8.2.3	Yes
Application	tcl_tk	tcl_tk	8.3.0	Yes
Application	tcl_tk	tcl_tk	8.3.1	Yes
Application	tcl_tk	tcl_tk	8.3.2	Yes
Application	tcl_tk	tcl_tk	8.3.3	Yes
Application	tcl_tk	tcl_tk	8.3.4	Yes
Application	tcl_tk	tcl_tk	8.3.5	Yes
Application	tcl_tk	tcl_tk	8.4.0	Yes
Application	tcl_tk	tcl_tk	8.4.1	Yes
Application	tcl_tk	tcl_tk	8.4.2	Yes
Application	tcl_tk	tcl_tk	8.4.3	Yes
Application	tcl_tk	tcl_tk	8.4.4	Yes
Application	tcl_tk	tcl_tk	8.4.5	Yes
Application	tcl_tk	tcl_tk	8.4.6	Yes
Application	tcl_tk	tcl_tk	8.4.7	Yes
Application	tcl_tk	tcl_tk	8.4.8	Yes
Application	tcl_tk	tcl_tk	8.4.9	Yes
Application	tcl_tk	tcl_tk	8.4.10	Yes
Application	tcl_tk	tcl_tk	8.4.11	Yes
Application	tcl_tk	tcl_tk	8.4.12	Yes
Application	tcl_tk	tcl_tk	8.4.13	Yes
Application	tcl_tk	tcl_tk	8.4.14	Yes
Application	tcl_tk	tcl_tk	8.4.15	Yes
Application	tcl_tk	tcl_tk	8.4.16	Yes
Application	tcl_tk	tcl_tk	8.4a2	Yes
Application	tcl_tk	tcl_tk	8.4a3	Yes
Application	tcl_tk	tcl_tk	8.4a4	Yes
Application	tcl_tk	tcl_tk	8.4b1	Yes
Application	tcl_tk	tcl_tk	8.4b2	Yes
Application	tcl_tk	tcl_tk	8.5.0	Yes
Application	tcl_tk	tcl_tk	8.5_a3	Yes
Application	tcl_tk	tcl_tk	8.5a1	Yes
Application	tcl_tk	tcl_tk	8.5a2	Yes
Application	tcl_tk	tcl_tk	8.5a3	Yes
Application	tcl_tk	tcl_tk	8.5a4	Yes
Application	tcl_tk	tcl_tk	8.5a5	Yes
Application	tcl_tk	tcl_tk	8.5a6	Yes
Application	tcl_tk	tcl_tk	8.5b1	Yes
Application	tcl_tk	tcl_tk	8.5b2	Yes
Application	tcl_tk	tcl_tk	8.5b3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html ([email protected])
http://secunia.com/advisories/28784 Patch, Vendor Advisory ([email protected])
http://secunia.com/advisories/28807 Vendor Advisory ([email protected])
http://secunia.com/advisories/28848 Vendor Advisory ([email protected])
http://secunia.com/advisories/28857 Vendor Advisory ([email protected])
http://secunia.com/advisories/28867 Vendor Advisory ([email protected])
http://secunia.com/advisories/28954 Vendor Advisory ([email protected])
http://secunia.com/advisories/29069 Vendor Advisory ([email protected])
http://secunia.com/advisories/29070 Vendor Advisory ([email protected])
http://secunia.com/advisories/29622 Vendor Advisory ([email protected])
http://secunia.com/advisories/30129 Vendor Advisory ([email protected])
http://secunia.com/advisories/30188 Vendor Advisory ([email protected])
http://secunia.com/advisories/30535 Vendor Advisory ([email protected])
http://secunia.com/advisories/30717 Vendor Advisory ([email protected])
http://secunia.com/advisories/30783 Vendor Advisory ([email protected])
http://secunia.com/advisories/32608 ([email protected])
http://securitytracker.com/id?1019309 ([email protected])
http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894 ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 ([email protected])
http://ubuntu.com/usn/usn-664-1 ([email protected])
http://wiki.rpath.com/Advisories:rPSA-2008-0054 ([email protected])
http://www.debian.org/security/2008/dsa-1490 ([email protected])
http://www.debian.org/security/2008/dsa-1491 ([email protected])
http://www.debian.org/security/2008/dsa-1598 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2008:041 ([email protected])
http://www.novell.com/linux/security/advisories/2008_13_sr.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0134.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0135.html ([email protected])
http://www.redhat.com/support/errata/RHSA-2008-0136.html ([email protected])
http://www.securityfocus.com/archive/1/488069/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/493080/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/27655 Patch ([email protected])
http://www.vmware.com/security/advisories/VMSA-2008-0009.html ([email protected])
http://www.vupen.com/english/advisories/2008/0430 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1456/references Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2008/1744 Vendor Advisory ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=431518 ([email protected])
https://issues.rpath.com/browse/RPL-2215 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28784 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28807 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28848 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28857 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28867 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/28954 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29069 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29070 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/29622 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30129 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30188 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30535 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30717 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/30783 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32608 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1019309 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894 (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1 (af854a3a-2127-422b-91ae-364da2661108)
http://ubuntu.com/usn/usn-664-1 (af854a3a-2127-422b-91ae-364da2661108)
http://wiki.rpath.com/Advisories:rPSA-2008-0054 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1490 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1491 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2008/dsa-1598 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2008:041 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2008_13_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0134.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0135.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2008-0136.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/488069/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/493080/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/27655 Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.vmware.com/security/advisories/VMSA-2008-0009.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/0430 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1456/references Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/1744 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=431518 (af854a3a-2127-422b-91ae-364da2661108)
https://issues.rpath.com/browse/RPL-2215 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10098 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html (af854a3a-2127-422b-91ae-364da2661108)

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For tcl_tk's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.