Your submission was sent successfully! Close

CVE-2014-2497

Published: 21 March 2014

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Priority

Low

Status

Package Release Status
libgd2
Launchpad, Ubuntu, Debian
lucid Ignored
(reached end-of-life)
precise
Released (2.0.36~rc1~dfsg-6ubuntu2.1)
quantal Ignored
(reached end-of-life)
saucy Ignored
(reached end-of-life)
trusty
Released (2.1.0-3ubuntu0.1)
upstream
Released (2.1.0-4)
utopic Ignored
(reached end-of-life)
vivid Not vulnerable
(2.1.0-5)
wily Not vulnerable
(2.1.0-5)
xenial Not vulnerable
(2.1.0-5)
php5
Launchpad, Ubuntu, Debian
lucid Not vulnerable
(uses system gd)
precise Not vulnerable
(uses system gd)
quantal Not vulnerable
(uses system gd)
saucy Not vulnerable
(uses system gd)
trusty Not vulnerable
(uses system gd)
upstream Needs triage

utopic Not vulnerable
(uses system gd)
vivid Not vulnerable
(uses system gd)
wily Not vulnerable
(uses system gd)
xenial Does not exist