Description
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Remediation
References
Related Vulnerabilities
WordPress Plugin Change Password and E-mail Cross-Site Scripting (1.0)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.14)
WordPress Plugin Cherry Multiple Vulnerabilities (1.2.6)
PHP Use After Free Vulnerability (CVE-2016-9138)
WordPress Plugin Diary & Availability Calendar SQL Injection (1.0.3)