Description

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Remediation

References

CVE-2014-9709

Related Vulnerabilities

PHP Improper Input Validation Vulnerability (CVE-2016-4071)

WordPress Plugin Sticky Popup Cross-Site Scripting (1.2)

WordPress Plugin UpdraftPlus WordPress Backup Cross-Site Scripting (1.9.63)

WordPress Plugin GiveWP-Donation and Fundraising Platform Information Disclosure (2.20.2)

WordPress Plugin Greenshift-animation and page builder blocks Cross-Site Scripting (4.8.8)

Severity

Medium

Classification

CVE-2014-9709 CWE-119

Tags

Missing Update Known Vulnerabilities