Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-9709

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Related bugs and status

CVE-2014-9709 (Candidate) is related to these bugs:

Bug #1445240: UPDATE REQUEST: php54 5.4.40 is available upstream

Summary				In	Importance	Status
	1445240	UPDATE REQUEST: php54 5.4.40 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://php.net/ChangeL...
CONFIRM: https://bitbucket.org/...
CONFIRM: https://bugs.php.net/b...
CONFIRM: https://bugzilla.redha...
SUSE: openSUSE-SU-2015:0644
DEBIAN: DSA-3215
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:153
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-09-30-3
REDHAT: RHSA-2015:1135
CONFIRM: http://www.oracle.com/...
CONFIRM: http://www.oracle.com/...
GENTOO: GLSA-201607-04
BID: 73306
GENTOO: GLSA-201606-10
UBUNTU: USN-2987-1
SECTRACK: 1033703
REDHAT: RHSA-2015:1053
REDHAT: RHSA-2015:1066
SUSE: SUSE-SU-2015:0868
HP: HPSBUX03337
HP: SSRT102066
REDHAT: RHSA-2015:1218