CVE - CVE-2014-9709

CVE-ID
CVE-2014-9709	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:http://php.net/ChangeLog-5.php CONFIRM:https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 CONFIRM:https://bugs.php.net/bug.php?id=68601 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1188639 CONFIRM:http://advisories.mageia.org/MGASA-2015-0040.html CONFIRM:https://support.apple.com/HT205267 CONFIRM:http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html CONFIRM:http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html APPLE:APPLE-SA-2015-09-30-3 URL:http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html DEBIAN:DSA-3215 URL:http://www.debian.org/security/2015/dsa-3215 GENTOO:GLSA-201607-04 URL:https://security.gentoo.org/glsa/201607-04 GENTOO:GLSA-201606-10 URL:https://security.gentoo.org/glsa/201606-10 HP:HPSBUX03337 URL:http://marc.info/?l=bugtraq&m=143403519711434&w=2 HP:SSRT102066 URL:http://marc.info/?l=bugtraq&m=143403519711434&w=2 MANDRIVA:MDVSA-2015:153 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2015:153 REDHAT:RHSA-2015:1135 URL:http://rhn.redhat.com/errata/RHSA-2015-1135.html REDHAT:RHSA-2015:1053 URL:http://rhn.redhat.com/errata/RHSA-2015-1053.html REDHAT:RHSA-2015:1066 URL:http://rhn.redhat.com/errata/RHSA-2015-1066.html SUSE:openSUSE-SU-2015:0644 URL:http://lists.opensuse.org/opensuse-updates/2015-04/msg00002.html SUSE:SUSE-SU-2015:0868 URL:http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00005.html UBUNTU:USN-2987-1 URL:http://www.ubuntu.com/usn/USN-2987-1 BID:73306 URL:http://www.securityfocus.com/bid/73306 SECTRACK:1033703 URL:http://www.securitytracker.com/id/1033703
Assigning CNA
N/A
Date Entry Created
20150323	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20150323)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Common Vulnerabilities and Exposures

CVE-2014-9709