Schelte Bron

**Name of the Vulnerable Software and Affected Versions** tk8.4-dev versions 8.4.12 and earlier tcl-devel-8.3.5 version 8.3.5 tclx-8.3 version 8.3 tk8.4 versions 8.4.12 and earlier libtk-img-doc (affected versions not specified) tcllib-1.0 (affected versions not specified) tk8.4-doc (affected versions not specified) tcltk-8.3.3 version 8.3.3 libtk-img (affected versions not specified) tcl-8.3.3 version 8.3.3 tcltk-8.3.5 version 8.3.5 libtk-img-dev (affected versions not specified) tcl-8.3.5 version 8.3.5 **Description** The issue involves multiple vulnerabilities in various packages of Debian GNU/Linux and Red Hat Enterprise Linux operating systems. These vulnerabilities can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation of these vulnerabilities can be carried out remotely. A specific vulnerability is a buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, which allows user-assisted attackers to cause a denial of service via an animated GIF. **Recommendations** For tk8.4-dev versions 8.4.12 and earlier, update to a version later than 8.4.12. For tcl-devel-8.3.5 version 8.3.5, update to a version later than 8.3.5. For tclx-8.3 version 8.3, update to a version later than 8.3. For tk8.4 versions 8.4.12 and earlier, update to a version later than 8.4.12. For libtk-img-doc, tcllib-1.0, tk8.4-doc, libtk-img, and libtk-img-dev, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For tcltk-8.3.3 version 8.3.3, update to a version later than 8.3.3. For tcl-8.3.3 version 8.3.3, update to a version later than 8.3.3. For tcltk-8.3.5 version 8.3.5, update to a version later than 8.3.5. For tcl-8.3.5 version 8.3.5, update to a version later than 8.3.5.