CVE-2014-2497 — MEDIUM (4.3)

Q: How severe is CVE-2014-2497?

CVE-2014-2497 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2497?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Redhat Enterprise Linux Desktop.

Vulnerability Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Php	Php	< 5.4.32
Canonical	Ubuntu Linux	12.04
Suse	Linux Enterprise Server	11
Suse	Linux Enterprise Software Development Kit	11
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	6.5
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	6.5
Redhat	Enterprise Linux Workstation	6.0
Debian	Debian Linux	7.0
Oracle	Solaris	11.2

Related Weaknesses (CWE)

CWE-476

References

http://advisories.mageia.org/MGASA-2014-0288.htmlThird Party Advisory
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlBroken LinkMailing List
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1326.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1327.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1765.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-1766.htmlThird Party Advisory
http://secunia.com/advisories/59061Not Applicable
http://secunia.com/advisories/59418Not Applicable
http://secunia.com/advisories/59496Not Applicable
http://secunia.com/advisories/59652Not Applicable
http://www.debian.org/security/2015/dsa-3215Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:153Broken Link
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.htmlThird Party Advisory

FAQ

What is CVE-2014-2497?

CVE-2014-2497 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a cr...

How severe is CVE-2014-2497?

CVE-2014-2497 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2497?

Check the references section above for vendor advisories and patch information. Affected products include: Php Php, Canonical Ubuntu Linux, Suse Linux Enterprise Server, Suse Linux Enterprise Software Development Kit, Redhat Enterprise Linux Desktop.