The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CPE

Name | Operator | Version
---|---|---
ubuntu_linux | eq | 15.10
ubuntu_linux | eq | 14.04
ubuntu_linux | eq | 16.04
ubuntu_linux | eq | 12.04
debian_linux | eq | 8.0
debian_linux | eq | 7.0
solaris | eq | 11.2
php | ge | 5.5.0
php | lt | 5.5.16
php | lt | 5.4.32

advisories.mageia.org/MGASA-2014-0288.html
lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
rhn.redhat.com/errata/RHSA-2014-1326.html
rhn.redhat.com/errata/RHSA-2014-1327.html
rhn.redhat.com/errata/RHSA-2014-1765.html
rhn.redhat.com/errata/RHSA-2014-1766.html
secunia.com/advisories/59061
secunia.com/advisories/59418
secunia.com/advisories/59496
secunia.com/advisories/59652
www.debian.org/security/2015/dsa-3215
www.mandriva.com/security/advisories?name=MDVSA-2015:153
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/66233
www.ubuntu.com/usn/USN-2987-1
bugs.php.net/bug.php?id=66901
bugzilla.redhat.com/show_bug.cgi?id=1076676
security.gentoo.org/glsa/201607-04
support.apple.com/HT204659