CVE-2014-2497: The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer…

medium4.3CVSS 3.1

AVNACMAuNCNINAP

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
apple	os_x_yosemite_v10.10.3_and_security_update_2015-004	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
canonical	ubuntu_linux	—	—
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	libgd2	< libgd2 2.1.0-4 (bookworm)	libgd2 2.1.0-4 (bookworm)
oracle	solaris	—	—
php	php	< 5.4.32	5.4.32
php	php	>= 5.5.0 < 5.5.16	5.5.16
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_desktop	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_eus	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_aus	—	—
redhat	enterprise_linux_server_tus	—	—

CVSS provenance

nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P

osv4.3MEDIUM