Twenty Year Anniversary
Showing 1 - 11 of 11 RSS Feed

CVE-2014-9709

Status Candidate

Overview

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Related Files

Gentoo Linux Security Advisory 201606-10
Posted Jun 19, 2016
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201606-10 - Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution, or cause a Denial of Service condition. Versions less than 5.6.19 are affected.

tags | advisory, denial of service, arbitrary, php, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2013-6501, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4642, CVE-2015-4643, CVE-2015-4644, CVE-2015-6831, CVE-2015-6832, CVE-2015-6833, CVE-2015-6834, CVE-2015-6835, CVE-2015-6836
MD5 | 1a8576ed6209013416527cf364c0cf18
Ubuntu Security Notice USN-2987-1
Posted Jun 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2987-1 - It was discovered that the GD library incorrectly handled certain color tables in XPM images. If a user or automated system were tricked into processing a specially crafted XPM image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. It was discovered that the GD library incorrectly handled certain malformed GIF images. If a user or automated system were tricked into processing a specially crafted GIF image, an attacker could cause a denial of service. This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-2497, CVE-2014-9709, CVE-2015-8874, CVE-2015-8877, CVE-2016-3074
MD5 | 99231ebd2c99339086c13e49358bf8a1
Apple Security Advisory 2015-09-30-03
Posted Oct 1, 2015
Authored by Apple | Site apple.com

Apple Security Advisory 2015-09-30-03 - OS X El Capitan 10.11 is now available and addresses close to 100 vulnerabilities that may exist in prior releases.

tags | advisory, vulnerability
systems | apple, osx
advisories | CVE-2013-3951, CVE-2014-2532, CVE-2014-3618, CVE-2014-6277, CVE-2014-7186, CVE-2014-7187, CVE-2014-8080, CVE-2014-8090, CVE-2014-8146, CVE-2014-8147, CVE-2014-8611, CVE-2014-9425, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0235, CVE-2015-0273, CVE-2015-0286, CVE-2015-0287, CVE-2015-1351, CVE-2015-1352, CVE-2015-1855, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331
MD5 | 394e001ee3e97a0e28026a7e3dd1db7f
Red Hat Security Advisory 2015-1218-01
Posted Jul 9, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1218-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time. An uninitialized pointer use flaw was found in PHP's Exif extension. A specially crafted JPEG or TIFF file could cause a PHP application using the exif_read_data() function to crash or, possibly, execute arbitrary code with the privileges of the user running that PHP application.

tags | advisory, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-9425, CVE-2014-9705, CVE-2014-9709, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602, CVE-2015-4603
MD5 | 67b63fd7cee3937df91132050bfb1e39
Red Hat Security Advisory 2015-1135-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1135-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. A flaw was found in the way the PHP module for the Apache httpd web server handled pipelined requests. A remote attacker could use this flaw to trigger the execution of a PHP script in a deinitialized interpreter, causing it to crash or, possibly, execute arbitrary code. A flaw was found in the way PHP parsed multipart HTTP POST requests. A specially crafted request could cause PHP to use an excessive amount of CPU time.

tags | advisory, remote, web, arbitrary, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-2301, CVE-2015-2348, CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-3411, CVE-2015-3412, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148, CVE-2015-4598, CVE-2015-4599, CVE-2015-4600, CVE-2015-4601, CVE-2015-4602
MD5 | bdcc1b92b21bbc928feea047d6d42210
HP Security Bulletin HPSBUX03337 SSRT102066 1
Posted Jun 11, 2015
Authored by HP | Site hp.com

HP Security Bulletin HPSBUX03337 SSRT102066 1 - Potential security vulnerabilities have been identified with the HP-UX Apache Web Server Suite, Tomcat Servlet Engine, and PHP. These could be exploited remotely to create a Denial of Service (DoS) and other vulnerabilities. Revision 1 of this advisory.

tags | advisory, web, denial of service, php, vulnerability
systems | hpux
advisories | CVE-2013-5704, CVE-2014-0118, CVE-2014-0226, CVE-2014-0227, CVE-2014-0231, CVE-2014-8142, CVE-2014-9709, CVE-2015-0231, CVE-2015-0273, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783
MD5 | 9fa4f2401a0eae76949782536773bbd8
Red Hat Security Advisory 2015-1066-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1066-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php54 packages provide a recent stable release of PHP with the PEAR 1.9.4, APC 3.1.15, and memcache 3.0.8 PECL extensions, and a number of additional utilities. The php54 packages have been upgraded to upstream version 5.4.40, which provides a number of bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
MD5 | 2e474e389ffaf2fb090f832ec2d9d5b6
Red Hat Security Advisory 2015-1053-01
Posted Jun 4, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1053-01 - PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The php55 packages provide a recent stable release of PHP with the PEAR 1.9.4, memcache 3.0.8, and mongo 1.4.5 PECL extensions, and a number of additional utilities. The php55 packages have been upgraded to upstream version 5.5.21, which provides multiple bug fixes over the version shipped in Red Hat Software Collections 1.

tags | advisory, web, php
systems | linux, redhat
advisories | CVE-2014-8142, CVE-2014-9427, CVE-2014-9652, CVE-2014-9705, CVE-2014-9709, CVE-2015-0231, CVE-2015-0232, CVE-2015-0273, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2348, CVE-2015-2787, CVE-2015-4147, CVE-2015-4148
MD5 | 41639e4633e106eb21db696ff0b897af
Slackware Security Advisory - php Updates
Posted Apr 22, 2015
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New php packages are available for Slackware 14.0, 14.1, and -current to fix security issues.

tags | advisory, php
systems | linux, slackware
advisories | CVE-2014-9709, CVE-2015-0231, CVE-2015-1351, CVE-2015-1352, CVE-2015-2301, CVE-2015-2305, CVE-2015-2331, CVE-2015-2783, CVE-2015-3330
MD5 | 5e4379cecf5e830fad4daac5cb1dbaf4
Debian Security Advisory 3215-1
Posted Apr 6, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3215-1 - Multiple vulnerabilities were discovered in libgd2, a graphics library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-2497, CVE-2014-9709
MD5 | ae147d811abe0587c84118964cf57e79
Mandriva Linux Security Advisory 2015-153
Posted Mar 30, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-153 - The gdImageCreateFromXpm function in gdxpm.c in the gd image library allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file. A buffer read overflow in gd_gif_in.c in the php #68601 bug referenced in the PHP 5.5.21 ChangeLog has been fixed in the libgd package.

tags | advisory, remote, denial of service, overflow, php
systems | linux, mandriva
advisories | CVE-2014-2497, CVE-2014-9709
MD5 | 5694676071578958c39a0ef7c793d650
Page 1 of 1
Back1Next

File Archive:

November 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    10 Files
  • 2
    Nov 2nd
    15 Files
  • 3
    Nov 3rd
    2 Files
  • 4
    Nov 4th
    2 Files
  • 5
    Nov 5th
    32 Files
  • 6
    Nov 6th
    27 Files
  • 7
    Nov 7th
    8 Files
  • 8
    Nov 8th
    9 Files
  • 9
    Nov 9th
    17 Files
  • 10
    Nov 10th
    2 Files
  • 11
    Nov 11th
    2 Files
  • 12
    Nov 12th
    33 Files
  • 13
    Nov 13th
    29 Files
  • 14
    Nov 14th
    23 Files
  • 15
    Nov 15th
    45 Files
  • 16
    Nov 16th
    11 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close