CVSS2: 4.3 Medium (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
PHP is vulnerable to a denial of service (DoS) attack. The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file.
advisories.mageia.org/MGASA-2014-0288.html
lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00001.html
lists.opensuse.org/opensuse-security-announce/2014-07/msg00002.html
rhn.redhat.com/errata/RHSA-2014-1326.html
rhn.redhat.com/errata/RHSA-2014-1327.html
rhn.redhat.com/errata/RHSA-2014-1765.html
rhn.redhat.com/errata/RHSA-2014-1766.html
secunia.com/advisories/59061
secunia.com/advisories/59418
secunia.com/advisories/59496
secunia.com/advisories/59652
www.debian.org/security/2015/dsa-3215
www.mandriva.com/security/advisories?name=MDVSA-2015:153
www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
www.securityfocus.com/bid/66233
www.ubuntu.com/usn/USN-2987-1
access.redhat.com/security/updates/classification/#moderate
bugs.php.net/bug.php?id=66901
bugzilla.redhat.com/show_bug.cgi?id=1076676
security.gentoo.org/glsa/201607-04
support.apple.com/HT204659