| Errata ID | 323 |
|---|---|
| Date | 2015-09-23 |
| Source package | libgd2 |
| Fixed in version | 2.0.36~rc1~dfsg-6.1.33.201509111112 |
| Description | Multiple security vulnerabilities were fixed in libgd2: * The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP 5.4.26 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted color table in an XPM file (CVE-2014-2497). * Potential crash of long running service due to buffer read overflow in gd_gif_in.c when reading crafted GIFs (CVE-2014-9709). |
| Additional notes | |
| CVE ID | CVE-2014-2497 CVE-2014-9709 |
| UCS Bug number | #37089 |
