CVE-2014-2497

Published: Mar 21, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

SUSE-SU-2014:0868

vendor-advisory

x_refsource_SUSE

MDVSA-2015:153

vendor-advisory

x_refsource_MANDRIVA

59418

third-party-advisory

x_refsource_SECUNIA

https://support.apple.com/HT204659

x_refsource_CONFIRM

59496

third-party-advisory

x_refsource_SECUNIA

RHSA-2014:1766

vendor-advisory

x_refsource_REDHAT

59652

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=1076676

x_refsource_CONFIRM

SUSE-SU-2014:0869

vendor-advisory

x_refsource_SUSE

DSA-3215

vendor-advisory

x_refsource_DEBIAN

59061

third-party-advisory

x_refsource_SECUNIA

GLSA-201607-04

vendor-advisory

x_refsource_GENTOO

RHSA-2014:1326

vendor-advisory

x_refsource_REDHAT

http://advisories.mageia.org/MGASA-2014-0288.html

x_refsource_CONFIRM

APPLE-SA-2015-04-08-2

vendor-advisory

x_refsource_APPLE

66233

vdb-entry

x_refsource_BID

USN-2987-1

vendor-advisory

x_refsource_UBUNTU

RHSA-2014:1327

vendor-advisory

x_refsource_REDHAT

http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

x_refsource_CONFIRM

RHSA-2014:1765

vendor-advisory

x_refsource_REDHAT

https://bugs.php.net/bug.php?id=66901

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-2497

Description

Affected Products

References