5

CVE-2014-9709

Exploit

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Data is provided by the National Vulnerability Database (NVD)
PhpPhp Version >= 5.4.0 < 5.4.40
PhpPhp Version >= 5.5.0 < 5.5.21
PhpPhp Version >= 5.6.0 < 5.6.5
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
LibgdLibgd Version <= 2.1.1
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version12.04 SwEditionlts
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version15.10
CanonicalUbuntu Linux Version16.04 SwEditionlts
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 15.31% 0.944
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.securitytracker.com/id/1033703
Third Party Advisory
VDB Entry
http://php.net/ChangeLog-5.php
Vendor Advisory
Exploit
http://marc.info/?l=bugtraq&m=143403519711434&w=2
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/73306
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1188639
Third Party Advisory
Issue Tracking