CVE-2014-2497
Published: 21 March 2014
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Notes
| Author | Note |
|---|---|
| mdeslaur | php5 uses the system libgd2 php5 in quantal and earlier aren't built with xpm support |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
libgd2 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(reached end-of-life)
|
| precise |
Released
(2.0.36~rc1~dfsg-6ubuntu2.1)
|
|
| quantal |
Ignored
(reached end-of-life)
|
|
| saucy |
Ignored
(reached end-of-life)
|
|
| trusty |
Released
(2.1.0-3ubuntu0.1)
|
|
| upstream |
Released
(2.1.0-4)
|
|
| utopic |
Ignored
(reached end-of-life)
|
|
| vivid |
Not vulnerable
(2.1.0-5)
|
|
| wily |
Not vulnerable
(2.1.0-5)
|
|
| xenial |
Not vulnerable
(2.1.0-5)
|
|
|
Patches: upstream: https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704 |
||
|
php5 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
(uses system gd)
|
| precise |
Not vulnerable
(uses system gd)
|
|
| quantal |
Not vulnerable
(uses system gd)
|
|
| saucy |
Not vulnerable
(uses system gd)
|
|
| trusty |
Not vulnerable
(uses system gd)
|
|
| upstream |
Needs triage
|
|
| utopic |
Not vulnerable
(uses system gd)
|
|
| vivid |
Not vulnerable
(uses system gd)
|
|
| wily |
Not vulnerable
(uses system gd)
|
|
| xenial |
Does not exist
|
|