CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://bugs.php.net/bug.php?id=67730	Vendor Advisory
http://php.net/ChangeLog-5.php
http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html
http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
https://support.apple.com/HT204659
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:php:php:5.4.0:beta2::::::
	cpe:2.3:a:php:php:5.4.0:beta2:32-bit:::::*
	cpe:2.3:a:php:php:5.4.12:rc2::::::
	cpe:2.3:a:php:php:5.4.13:::::::*
	cpe:2.3:a:php:php:5.4.18:::::::*
	cpe:2.3:a:php:php:5.4.19:::::::*
	cpe:2.3:a:php:php:5.4.25:::::::*
	cpe:2.3:a:php:php:5.4.26:::::::*
	cpe:2.3:a:php:php:5.4.4:::::::*
	cpe:2.3:a:php:php:5.4.5:::::::*
	cpe:2.3:a:php:php:5.5.6:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha3::::::
	cpe:2.3:a:php:php:5.4.15:rc1::::::
	cpe:2.3:a:php:php:5.4.15:::::::*
	cpe:2.3:a:php:php:5.5.5:::::::*
	cpe:2.3:a:php:php:5.5.0:beta1::::::
	cpe:2.3:a:php:php:5.4.22:::::::*
	cpe:2.3:a:php:php:5.4.9:::::::*
	cpe:2.3:a:php:php:5.4.11:::::::*
	cpe:2.3:a:php:php:5.5.12:::::::*
	cpe:2.3:a:php:php:5.4.10:::::::*
	cpe:2.3:a:php:php:5.5.0:rc1::::::
	cpe:2.3:a:php:php:5.4.21:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha6::::::
	cpe:2.3:a:php:php:5.5.0:beta2::::::
	cpe:2.3:a:php:php:5.5.15:::::::*
	cpe:2.3:a:php:php:5.5.11:::::::*
	cpe:2.3:a:php:php:5.4.29:::::::*
	cpe:2.3:a:php:php:5.4.3:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha2::::::
	cpe:2.3:a:php:php:5.5.2:::::::*
	cpe:2.3:a:php:php:5.5.0:rc2::::::
	cpe:2.3:a:php:php:5.5.9:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha1::::::
	cpe:2.3:a:php:php:5.4.12:rc1::::::
	cpe:2.3:a:php:php:5.5.0:beta3::::::
	cpe:2.3:a:php:php:5.4.12:::::::*
	cpe:2.3:a:php:php:5.5.0:::::::*
	cpe:2.3:a:php:php:5.5.1:::::::*
	cpe:2.3:a:php:php:5.4.14:::::::*
	cpe:2.3:a:php:php:5.4.8:::::::*
	cpe:2.3:a:php:php:5.5.14:::::::*
	cpe:2.3:a:php:php:5.4.17:::::::*
	cpe:2.3:a:php:php:5.4.14:rc1::::::
	cpe:2.3:a:php:php:5.5.7:::::::*
	cpe:2.3:a:php:php:5.4.2:::::::*
	cpe:2.3:a:php:php:5.5.0:beta4::::::
	cpe:2.3:a:php:php:5.5.3:::::::*
	cpe:2.3:a:php:php:5.4.27:::::::*
	cpe:2.3:a:php:php:5.5.8:::::::*
	cpe:2.3:a:php:php:5.4.16:rc1::::::
	cpe:2.3:a:php:php:5.4.28:::::::*
	cpe:2.3:a:php:php:5.5.13:::::::*
	cpe:2.3:a:php:php:5.5.4:::::::*
	cpe:2.3:a:php:php:5.4.24:::::::*
	cpe:2.3:a:php:php:5.4.23:::::::*
	cpe:2.3:a:php:php:5.4.6:::::::*
	cpe:2.3:a:php:php:5.4.30:::::::*
	cpe:2.3:a:php:php:5.4.31:::::::*
	cpe:2.3:a:php:php:5.4.0:rc2::::::
	cpe:2.3:a:php:php:5.5.0:alpha4::::::
	cpe:2.3:a:php:php:5.4.0:::::::*
	cpe:2.3:a:php:php:5.5.10:::::::*
	cpe:2.3:a:php:php:5.5.0:alpha5::::::
cpe:2.3:a:php:php:5.4.1:::::::*
cpe:2.3:a:php:php:5.4.13:rc1::::::
cpe:2.3:a:php:php:5.4.20:::::::*
cpe:2.3:a:php:php:5.4.7:::::::*

Information

Published : 2014-08-22 18:55

Updated : 2016-10-25 19:00

NVD link : CVE-2014-5120

Mitre link : CVE-2014-5120

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

php

6.4 /10