Description

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Remediation

References

CVE-2014-9709

Related Vulnerabilities

WordPress Plugin YOP Poll Multiple Cross-Site Scripting Vulnerabilities (4.9.1)

WordPress Plugin Elementor Website Builder Arbitrary File Upload (3.18.1)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (6.0.11)

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35614)

WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Cross-Site Scripting (9.7.1)

Severity

Medium

Classification

CVE-2014-9709 CWE-119

Tags

Missing Update Known Vulnerabilities