The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
History
28 Sep 2022, 20:39
Type | Values Removed | Values Added |
---|---|---|
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1765.html - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1327.html - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201607-04 - Third Party Advisory | |
References | (CONFIRM) http://advisories.mageia.org/MGASA-2014-0288.html - Third Party Advisory | |
References | (APPLE) http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html - Broken Link, Mailing List | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3215 - Third Party Advisory | |
References | (UBUNTU) http://www.ubuntu.com/usn/USN-2987-1 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59652 - Not Applicable | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://support.apple.com/HT204659 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59418 - Not Applicable | |
References | (CONFIRM) http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html - Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1076676 - Issue Tracking, Patch, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59496 - Not Applicable | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2015:153 - Broken Link | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1326.html - Third Party Advisory | |
References | (CONFIRM) https://bugs.php.net/bug.php?id=66901 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/66233 - Third Party Advisory, VDB Entry | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1766.html - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/59061 - Not Applicable | |
CWE | CWE-476 | |
First Time | | Redhat enterprise Linux Server, Suse linux Enterprise Software Development Kit, Redhat enterprise Linux Desktop, Redhat, Redhat enterprise Linux Workstation, Canonical ubuntu Linux, Redhat enterprise Linux Server Tus, Debian, Oracle solaris, Suse linux Enterprise Server, Debian debian Linux, Redhat enterprise Linux Server Aus, Canonical, Oracle, Suse, Redhat enterprise Linux Eus |
Information
Published : 2014-03-21 14:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-2497
Mitre link : CVE-2014-2497
CVE.ORG link : CVE-2014-2497
Products Affected
debian
- debian_linux
oracle
- solaris
redhat
- enterprise_linux_server_aus
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_desktop
- enterprise_linux_eus
php
- php
suse
- linux_enterprise_software_development_kit
- linux_enterprise_server
canonical
- ubuntu_linux
CWE
CWE-476
NULL Pointer Dereference