Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Remediation

References

CVE-2014-2497

Related Vulnerabilities

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Multiple Vulnerabilities (2.0.15)

WordPress Plugin Global Content Blocks PHP Code Execution and Information Disclosure Vulnerabilities (1.5.1)

WordPress Plugin Attachment Manager Arbitrary File Upload (2.1.1)

Java Denial of Service (DoS) Vulnerability (CVE-2018-2952)

Drupal Core 8.4.x Remote Code Execution (8.4.0 - 8.4.7)

Severity

Medium

Classification

CVE-2014-2497

Tags

Missing Update Known Vulnerabilities