CVE-2014-2020

2014-02-1811:55:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2014-2020

php

security

remote attack

nvd

vulnerability

data type check

6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

70.0%

JSON

ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric data type, as demonstrated by an imagecrop function call with a string for the x dimension value, a different vulnerability than CVE-2013-7226.

CPENameOperatorVersion
php:phpphpeq5.5.0
php:phpphpeq5.5.1
php:phpphpeq5.5.5
php:phpphpeq5.5.7
php:phpphpeq5.5.6
php:phpphpeq5.5.3
php:phpphpeq5.5.4
php:phpphple5.5.8
php:phpphpeq5.5.2

CPE	Name	Operator	Version
php:php	php	eq	5.5.0
php:php	php	eq	5.5.1
php:php	php	eq	5.5.5
php:php	php	eq	5.5.7
php:php	php	eq	5.5.6
php:php	php	eq	5.5.3
php:php	php	eq	5.5.4
php:php	php	le	5.5.8
php:php	php	eq	5.5.2