Debian Bug report logs - #519072
libtk-img: crashes when loading a certain animated GIF image

Package: libtk-img; Maintainer for libtk-img is Sergei Golovan <>; Source for libtk-img is src:libtk-img.

Reported by: Sergei Golovan <>

Date: Tue, 10 Mar 2009 09:21:02 UTC

Severity: normal

Found in version libtk-img/1:1.3-release-7

Fixed in version libtk-img/1:1.3-release-8

Done: Sergei Golovan <>

Bug is archived. No further changes may be made.

Report forwarded to, Sergei Golovan <>:
Bug#519072; Package libtk-img. (Tue, 10 Mar 2009 09:21:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Sergei Golovan <>:
New Bug report received and forwarded. Copy sent to Sergei Golovan <>. (Tue, 10 Mar 2009 09:21:08 GMT) Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Sergei Golovan <>
To: Debian Bug Tracking System <>
Subject: libtk-img: crashes when loading a certain animated GIF image
Date: Tue, 10 Mar 2009 09:35:31 +0300
[Message part 1 (text/plain, inline)]
Package: libtk-img
Version: 1:1.3-release-7
Severity: normal

The following script crashes with

alloc: invalid block: 0x85a84a8: ef ef ff
zsh: abort      wish

package require Img
image create photo -file 34.gif -format {gif89 -index 2}

(the image is attached).

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.CP1251, LC_CTYPE=ru_RU.CP1251 (charmap=CP1251)
Shell: /bin/sh linked to /bin/bash

Versions of packages libtk-img depends on:
ii  libc6                  2.7-18            GNU C Library: Shared libraries
ii  libjpeg62              6b-14             The Independent JPEG Group's JPEG 
ii  libpng12-0             1.2.27-2          PNG library - runtime
ii  libtiff4               3.8.2-11          Tag Image File Format (TIFF) libra
ii  libx11-6               2:1.1.5-2         X11 client-side library
ii  tk                     8.4.16-2          The Tk toolkit for Tcl and X11 (de
ii  tk8.3 [wish]           8.3.5-14          Tk toolkit for Tcl and X11, v8.3 -
ii  tk8.4 [wish]           8.4.19-2          Tk toolkit for Tcl and X11, v8.4 -
ii  tk8.5 [wish]           8.5.6-3           Tk toolkit for Tcl and X11, v8.5 -
ii  tk8.6 [wish]           8.6.0~b1-1        Tk toolkit for Tcl and X11, v8.6 -
ii  zlib1g                 1: compression library - runtime

libtk-img recommends no packages.

Versions of packages libtk-img suggests:
pn  libtk-img-doc                 <none>     (no description available)

-- no debconf information
[34.gif (image/gif, attachment)]

Tags added: pending Request was from Sergei Golovan <> to (Wed, 11 Mar 2009 09:21:03 GMT) Full text and rfc822 format available.

Reply sent to Sergei Golovan <>:
You have taken responsibility. (Sat, 14 Mar 2009 06:45:11 GMT) Full text and rfc822 format available.

Notification sent to Sergei Golovan <>:
Bug acknowledged by developer. (Sat, 14 Mar 2009 06:45:11 GMT) Full text and rfc822 format available.

Message #12 received at (full text, mbox):

From: Sergei Golovan <>
Subject: Bug#519072: fixed in libtk-img 1:1.3-release-8
Date: Sat, 14 Mar 2009 06:17:04 +0000
Source: libtk-img
Source-Version: 1:1.3-release-8

We believe that the bug you reported is fixed in the latest version of
libtk-img, which is due to be installed in the Debian FTP archive:

  to pool/main/libt/libtk-img/libtk-img-dev_1.3-release-8_i386.deb
  to pool/main/libt/libtk-img/libtk-img-doc_1.3-release-8_all.deb
  to pool/main/libt/libtk-img/libtk-img_1.3-release-8.diff.gz
  to pool/main/libt/libtk-img/libtk-img_1.3-release-8.dsc
  to pool/main/libt/libtk-img/libtk-img_1.3-release-8_i386.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Sergei Golovan <> (supplier of updated libtk-img package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.8
Date: Sat, 14 Mar 2009 08:42:09 +0300
Source: libtk-img
Binary: libtk-img libtk-img-dev libtk-img-doc
Architecture: source all i386
Version: 1:1.3-release-8
Distribution: unstable
Urgency: high
Maintainer: Sergei Golovan <>
Changed-By: Sergei Golovan <>
 libtk-img  - Extended image format support for Tcl/Tk (runtime)
 libtk-img-dev - Extended image format support for Tcl/Tk (development files)
 libtk-img-doc - Extended image format support for Tcl/Tk (manual pages)
Closes: 519072
 libtk-img (1:1.3-release-8) unstable; urgency=high
   * Applied patch by Nico Golde (previously created for Tk 8.4) which fixes
     security vulnerability CVE-2007-5137 arbitrary code execution via
     multi-frame interlaced GIF.
   * Applied patch by Nico Golde (previously created for Tk 8.4) which fixes
     security vulnerability CVE-2007-5378 overflow triggered by crafted
     GIF file (closes: #519072).
   * Set urgency to high as this upload fixes security vulnerabilities.
   * Mangled Debian version and use SF redirector in debian/watch uscan control
   * Overridden lintian warning on an ancient libtool version in libjpeg
     subdirectory because it isn't used when building the binary package.

Bug archived. Request was from Debbugs Internal Request <> to (Tue, 14 Apr 2009 07:35:20 GMT) Full text and rfc822 format available.

Debian bug tracking system administrator <>. Last modified: Fri Apr 25 09:19:48 2014; Machine Name: