modphp: Security Advisory - php - CVE-2014-5120 (81aecee0) · Commits · poplar / meta-openembedded

Commit 81aecee0 authored Oct 23, 2014 by

Yue Tao Committed by Martin Jansa Oct 30, 2014

modphp: Security Advisory - php - CVE-2014-5120

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before
5.5.16 does not ensure that pathnames lack %00 sequences, which might
allow remote attackers to overwrite arbitrary files via crafted input to
an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif,
(4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5120



Signed-off-by: Yue Tao <Yue.Tao@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>

parent d47b4c7c

Hide whitespace changes

Inline Side-by-side

Please register or to comment

Admin message

modphp: Security Advisory - php - CVE-2014-5120