CVE-2014-5120

PHP 5.4.x-5.4.31 and 5.5.x-5.5.15 - Arbitrary File Overwrite via GD Image Function Pathname


Description

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

References (9)

Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/HT204659
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1766.html
Vendor Advisory x_refsource_confirm
https://bugs.php.net/bug.php?id=67730
Various Sources x_refsource_confirm
http://php.net/ChangeLog-5.php
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1327.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1765.html
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

Scores

EPSS 0.0877
EPSS Percentile 92.6%

Details

CWE CWE-20
Status published
Products (33)
php/php 5.4.0 (4 CPE variants)
php/php 5.4.1
php/php 5.4.2
php/php 5.4.3
php/php 5.4.4
php/php 5.4.5
php/php 5.4.6
php/php 5.4.7
php/php 5.4.8
php/php 5.4.9
... and 23 more
Published Aug 23, 2014
Tracked Since Feb 18, 2026