CVE-2014-2497

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-2497
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://bugs.php.net/bug.php?id=66901 Exploit Issue Tracking Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1076676 Issue Tracking Patch Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html Mailing List Third Party Advisory
http://secunia.com/advisories/59652 Not Applicable
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html Mailing List Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1327.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1326.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.html Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.html Third Party Advisory
https://support.apple.com/HT204659 Third Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html Broken Link Mailing List
http://www.debian.org/security/2015/dsa-3215 Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153 Broken Link
http://advisories.mageia.org/MGASA-2014-0288.html Third Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html Third Party Advisory
https://security.gentoo.org/glsa/201607-04 Third Party Advisory
http://www.securityfocus.com/bid/66233 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-2987-1 Third Party Advisory
http://secunia.com/advisories/59496 Not Applicable
http://secunia.com/advisories/59418 Not Applicable
http://secunia.com/advisories/59061 Not Applicable
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*

Configuration 4 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 6 (hide)

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
Information

Published : 2014-03-21 07:55

Updated : 2022-09-28 13:39

NVD link : CVE-2014-2497

Mitre link : CVE-2014-2497

JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa
Products Affected

redhat

  • enterprise_linux_desktop
  • enterprise_linux_server_aus
  • enterprise_linux_workstation
  • enterprise_linux_server_tus
  • enterprise_linux_server
  • enterprise_linux_eus

canonical

  • ubuntu_linux

suse

  • linux_enterprise_software_development_kit
  • linux_enterprise_server

oracle

  • solaris

php

  • php

debian

  • debian_linux