CVE-2014-2497

Priority
Description
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP
5.4.26 and earlier, allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted color table
in an XPM file.
Assigned-to
mdeslaur
Notes
mdeslaur: php5 uses the system libgd2
php5 in quantal and earlier isn't built with xpm support
Package
Upstream: released (2.1.0-4)
Ubuntu 14.04 ESM (Trusty Tahr): released (2.1.0-3ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.1.0-5)
Patches:
Upstream: https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (uses system gd)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Updated: 2020-03-18 22:19:48 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)