Lucene search

K

PRIOn knowledge basePRION:CVE-2014-5120

HistoryAug 23, 2014 - 1:55 a.m.

Code injection

2014-08-2301:55:00

PRIOn knowledge base

www.prio-n.com

6

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

76.7%

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

CPENameOperatorVersion
phpeq5.5.0 alpha1
phpeq5.5.0 alpha3
phpeq5.4.12 rc1
phpeq5.4.15 rc1
phpeq5.5.0 beta3
phpeq5.4.12
phpeq5.5.0
phpeq5.4.19
phpeq5.4.15
phpeq5.5.1

Rows per page:

1-10 of 681

References

lists.apple.com/archives/security-announce/2015/Apr/msg00001.html

lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

php.net/ChangeLog-5.php

rhn.redhat.com/errata/RHSA-2014-1327.html

rhn.redhat.com/errata/RHSA-2014-1765.html

rhn.redhat.com/errata/RHSA-2014-1766.html

www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html

bugs.php.net/bug.php?id=67730

support.apple.com/HT204659

7.2 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

0.005 Low

EPSS

Percentile

76.7%

Related for PRION:CVE-2014-5120

ubuntucve1 cve1 debiancve1 veracode4 securityvulns3 openvas12 nessus17 amazon1 mageia1 fedora2 f52 slackware1 redhat3 centos1 oraclelinux2 gentoo1 rosalinux1