[Secure-testing-team] Bug#744719: libgd2: CVE-2014-2497
Salvatore Bonaccorso
carnil at debian.org
Sun Apr 13 20:28:10 UTC 2014
Source: libgd2
Version: 2.0.36~rc1~dfsg-5
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for libgd2
CVE-2014-2497[0]:
| The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP
| 5.4.26 and earlier, allows remote attackers to cause a denial of
| service (NULL pointer dereference and application crash) via a crafted
| color table in an XPM file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-2497
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1076676
[2] https://bugzilla.novell.com/show_bug.cgi?id=868624
[3] https://bugs.php.net/patch-display.php?bug_id=66901&patch=bug66901-fix.patch&revision=latest
Regards,
Salvatore
More information about the Secure-testing-team
mailing list