CVE-2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
phpphp
𝑥
< 5.4.32
phpphp
5.5.0 ≤
𝑥
< 5.5.16
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
15.10
canonicalubuntu_linux
16.04
redhatenterprise_linux_desktop
6.0
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_eus
6.5
redhatenterprise_linux_eus
7.3
redhatenterprise_linux_eus
7.4
redhatenterprise_linux_eus
7.5
redhatenterprise_linux_eus
7.6
redhatenterprise_linux_eus
7.7
redhatenterprise_linux_server
6.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
6.5
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_tus
6.5
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_workstation
6.0
redhatenterprise_linux_workstation
7.0
debiandebian_linux
7.0
debiandebian_linux
8.0
oraclesolaris
11.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libgd2
bullseye
2.3.0-2
fixed
wheezy
not-affected
squeeze
not-affected
bookworm
2.3.3-9
fixed
sid
2.3.3-12
fixed
trixie
2.3.3-12
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libgd2
xenial
not-affected
wily
not-affected
vivid
not-affected
utopic
ignored
trusty
Fixed 2.1.0-3ubuntu0.1
released
saucy
ignored
quantal
ignored
precise
Fixed 2.0.36~rc1~dfsg-6ubuntu2.1
released
lucid
ignored
php5
xenial
dne
wily
not-affected
vivid
not-affected
utopic
not-affected
trusty
not-affected
saucy
not-affected
quantal
not-affected
precise
not-affected
lucid
not-affected
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0288.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59652
http://www.debian.org/security/2015/dsa-3215
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/66233
http://www.ubuntu.com/usn/USN-2987-1
https://bugs.php.net/bug.php?id=66901
https://bugzilla.redhat.com/show_bug.cgi?id=1076676
https://security.gentoo.org/glsa/201607-04
https://support.apple.com/HT204659
http://advisories.mageia.org/MGASA-2014-0288.html
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
http://rhn.redhat.com/errata/RHSA-2014-1326.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://secunia.com/advisories/59061
http://secunia.com/advisories/59418
http://secunia.com/advisories/59496
http://secunia.com/advisories/59652
http://www.debian.org/security/2015/dsa-3215
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
http://www.securityfocus.com/bid/66233
http://www.ubuntu.com/usn/USN-2987-1
https://bugs.php.net/bug.php?id=66901
https://bugzilla.redhat.com/show_bug.cgi?id=1076676
https://security.gentoo.org/glsa/201607-04
https://support.apple.com/HT204659