CVE-2014-2497

Advisory lineage Upstream: 0 Downstream: 15

Downstream

DEBIAN-CVE-2014-2497 DLA-189-1 DSA-3215-1 MGASA-2014-0283 MGASA-2014-0288 OPENSUSE-SU-2024:10062-1

Modified

Published: 21 Mar 2014, 14:00

Last modified:06 Aug 2024, 10:14

Vulnerability Summary

Overall Risk (default)

medium

28/100

CVSS Score

4.3 MEDIUM

v2.0 (nvd)

EPSS Score

5.17% LOW

5% probability -6.96%

KEV

Not listed

Ransomware

No reports

Public exploits

1 found

Dark Web

Not detected

Timeline

21 Mar 2014, 14:00

Published

Vulnerability first disclosed

06 Aug 2024, 10:14

Last Modified

Vulnerability information updated

Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CVSS Metrics

v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 5.17%• Percentile: 90%

Techniques & Countermeasures

CWE-476•NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

Affected Systems

canonical•ubuntu_linux
12.04 | 14.04 | 15.10 | 16.04
debian•debian_linux
7.0 | 8.0
Unknown•Solaris
11.2
Unknown•PHP
< 5.4.32 | ≥ 5.5.0, < 5.5.16
redhat•enterprise_linux_desktop
6.0 | 7.0
redhat•enterprise_linux_eus
6.5 | 7.3 | 7.4 | 7.5 | 7.6 | 7.7
redhat•enterprise_linux_server
6.0 | 7.0
redhat•enterprise_linux_server_aus
6.5 | 7.3 | 7.6
redhat•enterprise_linux_server_tus
6.5 | 7.3 | 7.6 | 7.7
redhat•enterprise_linux_workstation
6.0 | 7.0
suse•linux_enterprise_server
11:sp2 | 11:sp3
suse•linux_enterprise_software_development_kit
11:sp3