CVE-2014-2497

Published: 21 March 2014

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Priority

Low

Status

Package Release Status
libgd2
Upstream: Released (2.1.0-4)
Ubuntu 16.04 ESM (Xenial Xerus): Not vulnerable (2.1.0-5)
Ubuntu 14.04 ESM (Trusty Tahr): Released (2.1.0-3ubuntu0.1)
Patches:
Upstream: https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
php5
Upstream: Needs triage
Ubuntu 16.04 ESM (Xenial Xerus): Does not exist
Ubuntu 14.04 ESM (Trusty Tahr): Not vulnerable (uses system gd)