CVE-2014-2497

Published: 21/03/2014 Updated: 28/09/2022
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and previous versions, allows remote malicious users to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Vulnerable Product

php php

canonical ubuntu linux 15.10

canonical ubuntu linux 14.04

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

suse linux enterprise server 11

suse linux enterprise software development kit 11

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 6.5

redhat enterprise linux server tus 6.5

redhat enterprise linux desktop 6.0

redhat enterprise linux server 6.0

redhat enterprise linux workstation 6.0

redhat enterprise linux server tus 7.3

redhat enterprise linux eus 6.5

redhat enterprise linux eus 7.3

redhat enterprise linux eus 7.4

redhat enterprise linux eus 7.5

redhat enterprise linux eus 7.6

redhat enterprise linux eus 7.7

redhat enterprise linux server aus 7.6

redhat enterprise linux server aus 7.3

redhat enterprise linux server tus 7.6

redhat enterprise linux server tus 7.7

debian debian linux 8.0

debian debian linux 7.0

oracle solaris 11.2

Vendor Advisories

Debian Bug report logs - #744719 libgd2: CVE-2014-2497 Package: src:libgd2; Maintainer for src:libgd2 is GD Team <team+gd@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sun, 13 Apr 2014 20:30:02 UTC Severity: important Tags: security, upstream Found in version libgd2/2.0.36~rc1~dfsg ...
The GD library could be made to crash or run programs if it processed a specially crafted image file ...
Multiple vulnerabilities were discovered in libgd2, a graphics library: CVE-2014-2497 The gdImageCreateFromXpm() function would try to dereference a NULL pointer when reading an XPM file with a special color table. This could allow remote attackers to cause a denial of service (crash) via crafted XPM files. CVE-2014-9709 Import ...
A denial of service flaw was found in the way the File Information (fileinfo) extension parsed certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensu ...