CVE-2014-5120
php: gd extension NUL byte injection in file names
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
gd_ctx.c en el componente GD en PHP 5.4.x anterior a 5.4.32 y 5.5.x anterior a 5.5.16 no asegura que a los nombres de rutas les falten las secuencias %00, lo que podría permitir a atacantes remotos sobrescribir ficheros arbitrarios a través de entradas manipuladas en una aplicación que llama la función (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp o (7) imagewebp.
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. Multiple flaws were found in the File Information extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-30 CVE Reserved
- 2014-08-23 CVE Published
- 2024-08-06 CVE Updated
- 2025-04-12 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-626: Null Byte Interaction Error (Poison Null Byte)
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://php.net/ChangeLog-5.php | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | X_refsource_confirm |
|
| https://support.apple.com/HT204659 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | 2016-10-26 | |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1327.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2016-10-26 | |
| https://bugs.php.net/bug.php?id=67730 | 2016-10-26 | |
| https://access.redhat.com/security/cve/CVE-2014-5120 | 2014-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1132793 | 2014-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | beta2, 32-bit |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.1 Search vendor "Php" for product "Php" and version "5.4.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.2 Search vendor "Php" for product "Php" and version "5.4.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.3 Search vendor "Php" for product "Php" and version "5.4.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.4 Search vendor "Php" for product "Php" and version "5.4.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.5 Search vendor "Php" for product "Php" and version "5.4.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.6 Search vendor "Php" for product "Php" and version "5.4.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.7 Search vendor "Php" for product "Php" and version "5.4.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.8 Search vendor "Php" for product "Php" and version "5.4.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.9 Search vendor "Php" for product "Php" and version "5.4.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.10 Search vendor "Php" for product "Php" and version "5.4.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.11 Search vendor "Php" for product "Php" and version "5.4.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.13 Search vendor "Php" for product "Php" and version "5.4.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.13 Search vendor "Php" for product "Php" and version "5.4.13" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.14 Search vendor "Php" for product "Php" and version "5.4.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.14 Search vendor "Php" for product "Php" and version "5.4.14" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.15 Search vendor "Php" for product "Php" and version "5.4.15" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.15 Search vendor "Php" for product "Php" and version "5.4.15" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.16 Search vendor "Php" for product "Php" and version "5.4.16" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.17 Search vendor "Php" for product "Php" and version "5.4.17" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.18 Search vendor "Php" for product "Php" and version "5.4.18" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.19 Search vendor "Php" for product "Php" and version "5.4.19" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.20 Search vendor "Php" for product "Php" and version "5.4.20" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.21 Search vendor "Php" for product "Php" and version "5.4.21" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.22 Search vendor "Php" for product "Php" and version "5.4.22" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.23 Search vendor "Php" for product "Php" and version "5.4.23" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.24 Search vendor "Php" for product "Php" and version "5.4.24" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.25 Search vendor "Php" for product "Php" and version "5.4.25" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.26 Search vendor "Php" for product "Php" and version "5.4.26" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.27 Search vendor "Php" for product "Php" and version "5.4.27" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.28 Search vendor "Php" for product "Php" and version "5.4.28" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.29 Search vendor "Php" for product "Php" and version "5.4.29" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.30 Search vendor "Php" for product "Php" and version "5.4.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.31 Search vendor "Php" for product "Php" and version "5.4.31" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha5 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha6 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.1 Search vendor "Php" for product "Php" and version "5.5.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.2 Search vendor "Php" for product "Php" and version "5.5.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.3 Search vendor "Php" for product "Php" and version "5.5.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.4 Search vendor "Php" for product "Php" and version "5.5.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.5 Search vendor "Php" for product "Php" and version "5.5.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.6 Search vendor "Php" for product "Php" and version "5.5.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.7 Search vendor "Php" for product "Php" and version "5.5.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.8 Search vendor "Php" for product "Php" and version "5.5.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.9 Search vendor "Php" for product "Php" and version "5.5.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.10 Search vendor "Php" for product "Php" and version "5.5.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.11 Search vendor "Php" for product "Php" and version "5.5.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.12 Search vendor "Php" for product "Php" and version "5.5.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.13 Search vendor "Php" for product "Php" and version "5.5.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.14 Search vendor "Php" for product "Php" and version "5.5.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.15 Search vendor "Php" for product "Php" and version "5.5.15" | - |
Affected
| ||||||