Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

Related bugs and status

CVE-2014-5120 (Candidate) is related to these bugs:

Bug #1360148: UPDATE REQUEST: php54 5.4.32 is available upstream

Summary				In	Importance	Status
	1360148	UPDATE REQUEST: php54 5.4.32 is available upstream		IUS Community Project	Undecided	Fix Released

Bug #1360150: UPDATE REQUEST: php55u 5.5.16 is available upstream

Summary				In	Importance	Status
	1360150	UPDATE REQUEST: php55u 5.5.16 is available upstream		IUS Community Project	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://php.net/ChangeL...
CONFIRM: https://bugs.php.net/b...
SUSE: openSUSE-SU-2014:1133
REDHAT: RHSA-2014:1327
REDHAT: RHSA-2014:1765
REDHAT: RHSA-2014:1766
CONFIRM: https://support.apple....
APPLE: APPLE-SA-2015-04-08-2
CONFIRM: http://www.oracle.com/...