CVE-2014-2497

EPSS 5.2%

libgd2 - security update

Published: 3/21/2014Modified: 4/28/2026

Description

The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Affected packages (3)

Debian/libgd2from 0, < 2.1.0-4
Debian/libgd2from 0, < 2.0.36~rc1~dfsg-5+deb6u1
Debian/libgd2from 0, < 2.0.36~rc1~dfsg-6.1+deb7u1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2497