Launchpad CVE tracker

CVE 2014-2497

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Related bugs and status

CVE-2014-2497 (Candidate) is related to these bugs:

Bug #1360148: UPDATE REQUEST: php54 5.4.32 is available upstream

Summary				In	Importance	Status
	1360148	UPDATE REQUEST: php54 5.4.32 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1360150: UPDATE REQUEST: php55u 5.5.16 is available upstream

Summary				In	Importance	Status
	1360150	UPDATE REQUEST: php55u 5.5.16 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
SUSE: SUSE-SU-2014:0868
SUSE: SUSE-SU-2014:0869
SECUNIA: 59652
REDHAT: RHSA-2014:1326
REDHAT: RHSA-2014:1327
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
DEBIAN: DSA-3215
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:153
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201607-04
BID: 66233
UBUNTU: USN-2987-1
SECUNIA: 59061
SECUNIA: 59418
SECUNIA: 59496

Launchpad.net

CVE 2014-2497

Related bugs and status

Related bugs

References