Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2014-2497
Last Modified: 14 Apr 2015 10:00:20
Published: 21 Mar 2014 10:55:12
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2014-2497

Summary

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Vulnerable Systems

Application

  • Php 5.0.0

  • Php 5.0.1

  • Php 5.0.2

  • Php 5.0.3

  • Php 5.0.4

  • Php 5.0.5

  • Php 5.1.0

  • Php 5.1.1

  • Php 5.1.2

  • Php 5.1.3

  • Php 5.1.4

  • Php 5.1.5

  • Php 5.1.6

  • Php 5.2.0

  • Php 5.2.1

  • Php 5.2.10

  • Php 5.2.11

  • Php 5.2.12

  • Php 5.2.13

  • Php 5.2.14

  • Php 5.2.15

  • Php 5.2.16

  • Php 5.2.17

  • Php 5.2.2

  • Php 5.2.3

  • Php 5.2.4

  • Php 5.2.5

  • Php 5.2.6

  • Php 5.2.7

  • Php 5.2.8

  • Php 5.2.9

  • Php 5.3.0

  • Php 5.3.1

  • Php 5.3.10

  • Php 5.3.11

  • Php 5.3.12

  • Php 5.3.13

  • Php 5.3.14

  • Php 5.3.15

  • Php 5.3.16

  • Php 5.3.17

  • Php 5.3.18

  • Php 5.3.19

  • Php 5.3.2

  • Php 5.3.20

  • Php 5.3.21

  • Php 5.3.22

  • Php 5.3.23

  • Php 5.3.24

  • Php 5.3.25

  • Php 5.3.26

  • Php 5.3.27

  • Php 5.3.3

  • Php 5.3.4

  • Php 5.3.5

  • Php 5.3.6

  • Php 5.3.7

  • Php 5.3.8

  • Php 5.3.9

  • Php 5.4.0

  • Php 5.4.1

  • Php 5.4.10

  • Php 5.4.11

  • Php 5.4.12

  • Php 5.4.13

  • Php 5.4.14

  • Php 5.4.15

  • Php 5.4.16

  • Php 5.4.17

  • Php 5.4.18

  • Php 5.4.19

  • Php 5.4.2

  • Php 5.4.20

  • Php 5.4.21

  • Php 5.4.22

  • Php 5.4.23

  • Php 5.4.24

  • Php 5.4.25

  • Php 5.4.26

  • Php 5.4.3

  • Php 5.4.4

  • Php 5.4.5

  • Php 5.4.6

  • Php 5.4.7

  • Php 5.4.8

  • Php 5.4.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1076676

CONFIRM - https://bugs.php.net/bug.php?id=66901

SECUNIA - 59652

SUSE - SUSE-SU-2014:0869

SUSE - SUSE-SU-2014:0868

REDHAT - RHSA-2014:1327

REDHAT - RHSA-2014:1326

REDHAT - RHSA-2014:1766

REDHAT - RHSA-2014:1765

CONFIRM - https://support.apple.com/HT204659

DEBIAN - DSA-3215

APPLE - APPLE-SA-2015-04-08-2

MANDRIVA - MDVSA-2015:153

CONFIRM - http://advisories.mageia.org/MGASA-2014-0288.html

Related Patches

Apple 2015-004 Security Update for Mac OS X 10.8.5 (HT204659)

Apple 2015-004 Security Update for Mac OS X 10.9.5 (HT204659)

Apple Yosemite 10.10.3 Update (Combo) for Mac OS X (HT204659)

Apple Yosemite 10.10.3 Update for Mac OS X (HT204659)


Last Updated: 27 May 2016 11:08:23