Red Hat Security Advisory 2014-1326-01 – PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP’s fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. It was found that the fix for CVE-2012-1571 was incomplete; the File Information extension did not correctly parse certain Composite Document Format files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP’s gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap file.