Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Remediation

References

CVE-2014-2497

Related Vulnerabilities

markdown-it Inefficient Regular Expression Complexity Vulnerability (CVE-2015-10005)

PHP Address Book Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-1912)

Squid Exposure of Resource to Wrong Sphere Vulnerability (CVE-2022-41317)

WordPress Plugin Advanced Order Export For WooCommerce Cross-Site Scripting (3.1.7)

WordPress Plugin Captcha by BestWebSoft Multiple Cross-Site Scripting Vulnerabilities (4.0.2)

Severity

Medium

Classification

CVE-2014-2497

Tags

Missing Update Known Vulnerabilities