CVE-2014-2497 (retired)

Priority
Description
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP
5.4.26 and earlier, allows remote attackers to cause a denial of service
(NULL pointer dereference and application crash) via a crafted color table
in an XPM file.
Notes
 mdeslaur> php5 uses the system libgd2
 mdeslaur> php5 in quantal and earlier aren't built with xpm support
Assigned-to
mdeslaur
Package
Upstream: released (2.1.0-4)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.1.0-3ubuntu0.1)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (2.1.0-5)
Patches:
Upstream: https://bitbucket.org/libgd/gd-libgd/commits/463c3bd09bfe8e924e19acad7a2a6af16953a704
Package
Source: php5
Upstream: needs-triage
Ubuntu 14.04 LTS (Trusty Tahr): not-affected (uses system gd)
Ubuntu 16.04 LTS (Xenial Xerus): DNE

Updated: 2019-03-26 12:12:55 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)