UBUNTU-CVE-2014-2497

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2014-2497

Downstream

USN-2987-1

Published: 21 Mar 2014, 00:00

Last modified:22 Apr 2026, 09:37

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Mar 2014, 00:00

Published

Vulnerability first disclosed

22 Apr 2026, 09:37

Last Modified

Vulnerability information updated

Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Affected Systems

ubuntu•libgd2
< 2.1.0-3ubuntu0.1

References (4)

https://ubuntu.com/security/CVE-2014-2497
http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/
https://ubuntu.com/security/notices/USN-2987-1
https://www.cve.org/CVERecord?id=CVE-2014-2497