Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Remediation

References

CVE-2014-2497

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery 'nggallery-manage-gallery' HTML Injection (0.96)

WordPress Plugin MapifyLite (by MapifyPro) Cross-Site Scripting (3.3)

MySQL Use After Free Vulnerability (CVE-2019-7317)

WordPress Plugin Import Spreadsheets from Microsoft Excel Arbitrary File Upload (10.1.4)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4608)

Severity

Medium

Classification

CVE-2014-2497

Tags

Missing Update Known Vulnerabilities