php is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
advisories.mageia.org/MGASA-2014-0288.html
lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
rhn.redhat.com/errata/RHSA-2014-1326.html
rhn.redhat.com/errata/RHSA-2014-1327.html
rhn.redhat.com/errata/RHSA-2014-1765.html
rhn.redhat.com/errata/RHSA-2014-1766.html
secunia.com/advisories/59061
secunia.com/advisories/59418
secunia.com/advisories/59496
secunia.com/advisories/59652
www.debian.org/security/2015/dsa-3215
www.mandriva.com/security/advisories?name=MDVSA-2015:153
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/66233
www.ubuntu.com/usn/USN-2987-1
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=66901
bugzilla.redhat.com/show_bug.cgi?id=1076676
rhn.redhat.com/errata/RHSA-2014-1326.html
security.gentoo.org/glsa/201607-04
support.apple.com/HT204659