CVE-2014-9709
Published: 30 March 2015
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
Notes
Author | Note |
---|---|
mdeslaur | php5 uses system gd |
Priority
Status
Package | Release | Status |
---|---|---|
libgd2 Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(2.0.36~rc1~dfsg-6ubuntu2.1)
|
|
trusty |
Released
(2.1.0-3ubuntu0.1)
|
|
upstream |
Released
(2.1.0-5)
|
|
utopic |
Ignored
(end of life)
|
|
vivid |
Not vulnerable
(2.1.0-5)
|
|
wily |
Not vulnerable
(2.1.0-5)
|
|
xenial |
Not vulnerable
(2.1.0-5)
|
|
Patches: upstream: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 upstream: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467 |
||
php5 Launchpad, Ubuntu, Debian |
lucid |
Not vulnerable
|
precise |
Not vulnerable
|
|
trusty |
Not vulnerable
|
|
upstream |
Released
(5.6.5+dfsg-1)
|
|
utopic |
Not vulnerable
|
|
vivid |
Not vulnerable
|
|
wily |
Not vulnerable
|
|
xenial |
Does not exist
|
|
Patches: upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695 |