Unrated severity · NVD Advisory · Published Mar 21, 2014 · Updated Jun 17, 2026
CVE-2014-2497
Description
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Affected products (37)
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:*:vmware:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp3:*:*:*:*:*:*
- osv-coords (4 versions):
  - pkg:rpm/opensuse/gd&distro=openSUSE%20Tumbleweed (no CPE), range: < 2.2.3-2.1
  - pkg:rpm/opensuse/php5&distro=openSUSE%20Tumbleweed (no CPE), range: < 5.6.28-1.1
  - pkg:rpm/opensuse/php7&distro=openSUSE%20Tumbleweed (no CPE), range: < 7.0.14-1.4
  - pkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed (no CPE), range: < 8.0.11-1.1
References (21)
- bugzilla.redhat.com/show_bug.cgi (nvd): Issue Tracking, Patch, Third Party Advisory
- bugs.php.net/bug.php (nvd): Exploit, Issue Tracking, Patch, Vendor Advisory
- advisories.mageia.org/MGASA-2014-0288.html (nvd): Third Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html (nvd): Mailing List, Third Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html (nvd): Mailing List, Third Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1326.html (nvd): Third Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1327.html (nvd): Third Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1765.html (nvd): Third Party Advisory
- rhn.redhat.com/errata/RHSA-2014-1766.html (nvd): Third Party Advisory
- www.debian.org/security/2015/dsa-3215 (nvd): Third Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html (nvd): Third Party Advisory
- www.securityfocus.com/bid/66233 (nvd): Third Party Advisory, VDB Entry
- www.ubuntu.com/usn/USN-2987-1 (nvd): Third Party Advisory
- security.gentoo.org/glsa/201607-04 (nvd): Third Party Advisory
- support.apple.com/HT204659 (nvd): Third Party Advisory
- lists.apple.com/archives/security-announce/2015/Apr/msg00001.html (nvd): Broken Link, Mailing List
- secunia.com/advisories/59061 (nvd): Not Applicable
- secunia.com/advisories/59418 (nvd): Not Applicable
- secunia.com/advisories/59496 (nvd): Not Applicable
- secunia.com/advisories/59652 (nvd): Not Applicable
- www.mandriva.com/security/advisories (nvd): Broken Link