CVE-2014-2497: NULL Pointer Dereference in PHP

Severity: 4.3 MEDIUM (NVD)
EPSS: 12.1% (top 6.16%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 21; Latest update May 17

Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (7 packages)

NVD: php/php 5.5.0 5.5.16 +1
NVD: oracle/solaris 11.2

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 15.10, 16.04, Enterprise Linux 6.5, 7.3, 7.4, 7.5, 7.6, 7.7

Vulnerability Details (4)

GHSA: GHSA-7x54-3j5f-jcr9: The gdImageCreateFromXpm function in gdxpm (2022-05-17)
OSV: libgd2 vulnerabilities (2016-05-31)
OSV: CVE-2014-2497: The gdImageCreateFromXpm function in gdxpm (2014-03-21)
CVEList: CVE-2014-2497: The gdImageCreateFromXpm function in gdxpm (2014-03-21)

Vendor Advisories (4)

Ubuntu: GD library vulnerabilities (2016-05-31)
Red Hat: gd: NULL pointer dereference in gdImageCreateFromXpm() (2014-03-13)
Debian: CVE-2014-2497: libgd2 - The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and... (2014)
Apple: CVE-2014-2497: OS X Yosemite v10.10.3 and Security Update 2015-004

Community (3)

Bugzilla: CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm() [fedora-all] (2014-03-24)
Bugzilla: CVE-2014-2497 php: gd: NULL pointer dereference in gdImageCreateFromXpm() [fedora-all] (2014-03-24)
Bugzilla: CVE-2014-2497 gd: NULL pointer dereference in gdImageCreateFromXpm() (2014-03-14)