CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
phpphp
𝑥
< 5.4.32
phpphp
5.5.0 ≤
𝑥
< 5.5.16
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
canonicalubuntu_linux
16.04
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
6.5
redhatenterprise_linux_eus
7.3
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_linux_eus
7.6
redhatenterprise_linux_eus
7.7
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_tus
6.5
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
7.0
debiandebian_linux
8.0
oraclesolaris
11.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bookworm
2.3.3-9
fixed
bullseye
2.3.0-2
fixed
sid
2.3.3-12
fixed
squeeze
not-affected
trixie
2.3.3-12
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
lucid
ignored
precise
Fixed 2.0.36~rc1~dfsg-6ubuntu2.1
released
quantal
ignored
saucy
ignored
trusty
Fixed 2.1.0-3ubuntu0.1
released
utopic
ignored
vivid
not-affected
wily
not-affected
xenial
not-affected
php5
lucid
not-affected
precise
not-affected
quantal
not-affected
saucy
not-affected
trusty
not-affected
utopic
not-affected
vivid
not-affected
wily
not-affected
xenial
dne
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
gd
suse enterprise desktop 15
2.2.5-2.22
fixed
suse enterprise desktop 15 SP1
2.2.5-4.6.1
fixed
suse enterprise desktop 15 SP2
2.2.5-9.1
fixed
suse enterprise sap 15
2.2.5-2.22
fixed
suse enterprise sap 15 SP1
2.2.5-4.6.1
fixed
suse enterprise sap 15 SP2
2.2.5-9.1
fixed
suse enterprise server 15
2.2.5-2.22
fixed
suse enterprise server 15 SP1
2.2.5-4.6.1
fixed
suse enterprise server 15 SP2
2.2.5-9.1
fixed
gd-devel
suse enterprise desktop 15
2.2.5-2.22
fixed
suse enterprise desktop 15 SP1
2.2.5-4.6.1
fixed
suse enterprise desktop 15 SP2
2.2.5-9.1
fixed
suse enterprise desktop 15 SP3
2.2.5-9.1
fixed
suse enterprise desktop 15 SP4
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP5
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP6
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP7
2.2.5-11.3.1
fixed
suse enterprise sap 15
2.2.5-2.22
fixed
suse enterprise sap 15 SP1
2.2.5-4.6.1
fixed
suse enterprise sap 15 SP2
2.2.5-9.1
fixed
suse enterprise sap 15 SP3
2.2.5-9.1
fixed
suse enterprise sap 15 SP4
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP5
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP6
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP7
2.2.5-11.3.1
fixed
suse enterprise server 15
2.2.5-2.22
fixed
suse enterprise server 15 SP1
2.2.5-4.6.1
fixed
suse enterprise server 15 SP2
2.2.5-9.1
fixed
suse enterprise server 15 SP3
2.2.5-9.1
fixed
suse enterprise server 15 SP4
2.2.5-11.3.1
fixed
suse enterprise server 15 SP5
2.2.5-11.3.1
fixed
suse enterprise server 15 SP6
2.2.5-11.3.1
fixed
suse enterprise server 15 SP7
2.2.5-11.3.1
fixed
libgd3
suse enterprise desktop 15 SP3
2.2.5-9.1
fixed
suse enterprise desktop 15 SP4
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP5
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP6
2.2.5-11.3.1
fixed
suse enterprise desktop 15 SP7
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP3
2.2.5-9.1
fixed
suse enterprise sap 15 SP4
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP5
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP6
2.2.5-11.3.1
fixed
suse enterprise sap 15 SP7
2.2.5-11.3.1
fixed
suse enterprise server 15 SP3
2.2.5-9.1
fixed
suse enterprise server 15 SP4
2.2.5-11.3.1
fixed
suse enterprise server 15 SP5
2.2.5-11.3.1
fixed
suse enterprise server 15 SP6
2.2.5-11.3.1
fixed
suse enterprise server 15 SP7
2.2.5-11.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
php
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-bcmath
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-cli
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-common
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-dba
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-devel
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-embedded
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-enchant
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-fpm
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-gd
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-imap
RHEL 6
0:5.3.3-27.el6_5.2
fixed
php-intl
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-ldap
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-mbstring
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-mysql
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-mysqlnd
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-odbc
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-pdo
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-pgsql
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-process
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-pspell
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-recode
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-snmp
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-soap
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-tidy
RHEL 6
0:5.3.3-27.el6_5.2
fixed
php-xml
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-xmlrpc
RHEL 6
0:5.3.3-27.el6_5.2
fixed
RHEL 7
0:5.4.16-23.el7_0.1
fixed
php-zts
RHEL 6
0:5.3.3-27.el6_5.2
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0288.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59652
http://www.debian.org/security/2015/dsa-3215
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/66233
http://www.ubuntu.com/usn/USN-2987-1
https://bugs.php.net/bug.php?id=66901
https://bugzilla.redhat.com/show_bug.cgi?id=1076676
https://security.gentoo.org/glsa/201607-04
https://support.apple.com/HT204659
http://advisories.mageia.org/MGASA-2014-0288.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59652
http://www.debian.org/security/2015/dsa-3215
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/66233
http://www.ubuntu.com/usn/USN-2987-1
https://bugs.php.net/bug.php?id=66901
https://bugzilla.redhat.com/show_bug.cgi?id=1076676
https://security.gentoo.org/glsa/201607-04
https://support.apple.com/HT204659