Computer Security
[EN] securityvulns.ru no-pyccku


libgd / PHP security vulnerabilities
Published:07.04.2015
Source:
SecurityVulns ID:14349
Type:library
Threat Level:
8/10
Description:Buffer overflow, NULL pointer dereference.
Affected:PHP : PHP 5.5
 GD : libgd 2.1
CVE:CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.)
 CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3215-1] libgd2 security update (07.04.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod