CVE-2014-5120
php: gd extension NUL byte injection in file names
Severity Score
6.4
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
gd_ctx.c en el componente GD en PHP 5.4.x anterior a 5.4.32 y 5.5.x anterior a 5.5.16 no asegura que a los nombres de rutas les falten las secuencias %00, lo que podría permitir a atacantes remotos sobrescribir ficheros arbitrarios a través de entradas manipuladas en una aplicación que llama la función (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp o (7) imagewebp.
It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2014-07-30 CVE Reserved
- 2014-08-23 CVE Published
- 2024-04-04 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
- CWE-626: Null Byte Interaction Error (Poison Null Byte)
CAPEC
References (11)
| URL | Tag | Source |
|---|---|---|
| http://php.net/ChangeLog-5.php | X_refsource_confirm | |
| http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html | X_refsource_confirm |
|
| https://support.apple.com/HT204659 | X_refsource_confirm |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html | 2016-10-26 | |
| http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1327.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1765.html | 2016-10-26 | |
| http://rhn.redhat.com/errata/RHSA-2014-1766.html | 2016-10-26 | |
| https://bugs.php.net/bug.php?id=67730 | 2016-10-26 | |
| https://access.redhat.com/security/cve/CVE-2014-5120 | 2014-10-30 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1132793 | 2014-10-30 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | beta2, 32-bit |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.0 Search vendor "Php" for product "Php" and version "5.4.0" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.1 Search vendor "Php" for product "Php" and version "5.4.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.2 Search vendor "Php" for product "Php" and version "5.4.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.3 Search vendor "Php" for product "Php" and version "5.4.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.4 Search vendor "Php" for product "Php" and version "5.4.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.5 Search vendor "Php" for product "Php" and version "5.4.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.6 Search vendor "Php" for product "Php" and version "5.4.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.7 Search vendor "Php" for product "Php" and version "5.4.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.8 Search vendor "Php" for product "Php" and version "5.4.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.9 Search vendor "Php" for product "Php" and version "5.4.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.10 Search vendor "Php" for product "Php" and version "5.4.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.11 Search vendor "Php" for product "Php" and version "5.4.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.12 Search vendor "Php" for product "Php" and version "5.4.12" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.13 Search vendor "Php" for product "Php" and version "5.4.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.13 Search vendor "Php" for product "Php" and version "5.4.13" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.14 Search vendor "Php" for product "Php" and version "5.4.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.14 Search vendor "Php" for product "Php" and version "5.4.14" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.15 Search vendor "Php" for product "Php" and version "5.4.15" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.15 Search vendor "Php" for product "Php" and version "5.4.15" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.16 Search vendor "Php" for product "Php" and version "5.4.16" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.17 Search vendor "Php" for product "Php" and version "5.4.17" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.18 Search vendor "Php" for product "Php" and version "5.4.18" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.19 Search vendor "Php" for product "Php" and version "5.4.19" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.20 Search vendor "Php" for product "Php" and version "5.4.20" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.21 Search vendor "Php" for product "Php" and version "5.4.21" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.22 Search vendor "Php" for product "Php" and version "5.4.22" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.23 Search vendor "Php" for product "Php" and version "5.4.23" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.24 Search vendor "Php" for product "Php" and version "5.4.24" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.25 Search vendor "Php" for product "Php" and version "5.4.25" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.26 Search vendor "Php" for product "Php" and version "5.4.26" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.27 Search vendor "Php" for product "Php" and version "5.4.27" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.28 Search vendor "Php" for product "Php" and version "5.4.28" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.29 Search vendor "Php" for product "Php" and version "5.4.29" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.30 Search vendor "Php" for product "Php" and version "5.4.30" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.4.31 Search vendor "Php" for product "Php" and version "5.4.31" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha5 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | alpha6 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta3 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | beta4 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | rc1 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.0 Search vendor "Php" for product "Php" and version "5.5.0" | rc2 |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.1 Search vendor "Php" for product "Php" and version "5.5.1" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.2 Search vendor "Php" for product "Php" and version "5.5.2" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.3 Search vendor "Php" for product "Php" and version "5.5.3" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.4 Search vendor "Php" for product "Php" and version "5.5.4" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.5 Search vendor "Php" for product "Php" and version "5.5.5" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.6 Search vendor "Php" for product "Php" and version "5.5.6" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.7 Search vendor "Php" for product "Php" and version "5.5.7" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.8 Search vendor "Php" for product "Php" and version "5.5.8" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.9 Search vendor "Php" for product "Php" and version "5.5.9" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.10 Search vendor "Php" for product "Php" and version "5.5.10" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.11 Search vendor "Php" for product "Php" and version "5.5.11" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.12 Search vendor "Php" for product "Php" and version "5.5.12" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.13 Search vendor "Php" for product "Php" and version "5.5.13" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.14 Search vendor "Php" for product "Php" and version "5.5.14" | - |
Affected
| ||||||
| Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | 5.5.15 Search vendor "Php" for product "Php" and version "5.5.15" | - |
Affected
| ||||||