CVE-2014-9709

The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted GIF image that is improperly handled by the gdImageCreateFromGif function.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libgd2	16.04 LTS xenial	Not affected
	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Ignored
	14.04 LTS trusty	Fixed 2.1.0-3ubuntu0.1
	12.04 LTS precise	Fixed 2.0.36~rc1~dfsg-6ubuntu2.1
	10.04 LTS lucid	Ignored
php5	16.04 LTS xenial	Not in release
	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Not affected
	14.04 LTS trusty	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

Notes

mdeslaur

php5 uses system gd

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libgd2	Upstream: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 Upstream: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
php5	Upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c Upstream: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695

References

Related Ubuntu Security Notices (USN)

USN-2987-1
GD library vulnerabilities
31 May 2016

Status

Notes

Patch details

References

Related Ubuntu Security Notices (USN)

Other references