Summary: | <dev-lang/php-{5.4.32,5.5.16} : php-gd 'c_color' NULL pointer dereference (CVE-2014-2497) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | php-bugs |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugs.php.net/bug.php?id=66901 | | |
Whiteboard: | A3 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-03-20 13:52:53 UTC
Is this bug part of the Fix in current PHP (or previous) being stabilized?

This is fixed in 5.5.16 and 5.4.32 currently in stabilization in bug 513032

CVE-2014-2497 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2497): The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.

Stabilized and Cleaned up, adding to existing GLSA

This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).