CVE-2014-2497
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2014-2497
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
libgd‘gdImageCreateFromXpm’函数拒绝服务漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
libGD(又名GD Graphics Library或libgd2)是美国软件开发者Thomas Boutell所研发的一个开源的用于动态创建图像的库,它支持创建图表、图形和缩略图等。 PHP 5.4.26及之前版本中使用的libgd中的gdxpm.c文件的‘gdImageCreateFromXpm’函数存在安全漏洞。远程攻击者可借助XPM文件中特制的color表利用该漏洞造成拒绝服务(空指针逆向引用和应用程序崩溃)。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2014-2497
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2014-2497
请登录查看更多情报信息。
Vendor Advisories for CVE-2014-2497 (16)
- https://support.apple.com/HT204659x_refsource_CONFIRM
- https://bugzilla.redhat.com/show_bug.cgi?id=1076676x_refsource_CONFIRM
- http://advisories.mageia.org/MGASA-2014-0288.htmlx_refsource_CONFIRM
Mailing List Discussions for CVE-2014-2497 (3)
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.htmlvendor-advisoryx_refsource_SUSE
- http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.htmlvendor-advisoryx_refsource_SUSE
- http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.htmlvendor-advisoryx_refsource_APPLE
Other References for CVE-2014-2497 (2)
- https://bugs.php.net/bug.php?id=66901x_refsource_CONFIRM
Same Patch Batch · n/a · 2014-03-21 · 7 CVEs total
| CVE-2014-2276 | EMC Connectrix Manager Converged Network Edition 信息泄露漏洞 | |
| CVE-2013-5401 | IBM WebSphere MQ Internet Pass-Thru 拒绝服务漏洞 | |
| CVE-2013-6729 | IBM QuickFile 跨站脚本漏洞 | |
| CVE-2014-0829 | IBM Rational ClearCase 缓冲区溢出漏洞 | |
| CVE-2014-0879 | IBM Datacap Taskmaster Capture 基于栈的缓冲区溢出漏洞 | |
| CVE-2014-2567 | Trojita 信息泄露漏洞 |
IV. Related Vulnerabilities
Same vendor: n/a
V. Comments for CVE-2014-2497
No comments yet