| Summary: | <dev-lang/php-{5.4.32,5.5.16}: Null byte injection possible with imagexxx functions (CVE-2014-5120) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | graphics+disabled, php-bugs, vapier |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://bugs.php.net/bug.php?id=67730 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Kristian Fiskerstrand (RETIRED)
2014-08-21 21:29:40 UTC
This bug basically affects gd and not php. PHP uses bundled gd, so I guess it should affect php. Fixes should be committed though.

This is fixed in PHP 5.5.16 and 5.4.32.

Continuing this bug as PHP only, media-libs/gd is handled in bug 520716.

CVE-2014-5120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120): gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

Stabilization, cleanup done. In existing GLSA request.

This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
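The class of bug in the CVE text, shown as an added example that is not code from PHP, GD or this bug report: a length-counted pathname passes an extension check on its full bytes, while a C file API would stop at the first NUL, so a guard has to reject any path where the two views differ. All names (`counted_str`, `checked_output_path`, the sample paths) are hypothetical and the samples are constructed.

```c
#include <stdio.h>
#include <string.h>

/* A string as a scripting runtime holds it: bytes plus an explicit length. */
struct counted_str { const char *bytes; size_t len; };

/* Constructed samples: one path with an embedded NUL, one clean path. */
#define BAD_BYTES  "cache/site.conf\0.png"
#define GOOD_BYTES "cache/thumb.png"
static const struct counted_str SAMPLE_BAD  = { BAD_BYTES,  sizeof(BAD_BYTES) - 1 };
static const struct counted_str SAMPLE_GOOD = { GOOD_BYTES, sizeof(GOOD_BYTES) - 1 };

/* Length a C API such as fopen() would see: bytes before the first NUL. */
static size_t c_view_len(struct counted_str s) {
    const char *nul = memchr(s.bytes, '\0', s.len);
    return nul ? (size_t)(nul - s.bytes) : s.len;
}

/* Extension check on the full counted string (the application's view). */
static int ends_with(struct counted_str s, const char *suffix) {
    size_t n = strlen(suffix);
    return s.len >= n && memcmp(s.bytes + s.len - n, suffix, n) == 0;
}

/* Guard: only accept a path when the counted view and the C view agree. */
static int path_is_safe(struct counted_str s) {
    return s.len > 0 && c_view_len(s) == s.len;
}

/* Hypothetical wrapper: 0 if the path may be passed on, -1 if rejected. */
static int checked_output_path(struct counted_str s, const char *required_ext) {
    if (!path_is_safe(s)) return -1;            /* embedded NUL: refuse */
    if (!ends_with(s, required_ext)) return -1; /* wrong extension */
    return 0;
}

int main(void) {
    printf("bad:  counted=%zu c_view=%zu ext_ok=%d accepted=%d\n",
           SAMPLE_BAD.len, c_view_len(SAMPLE_BAD),
           ends_with(SAMPLE_BAD, ".png"),
           checked_output_path(SAMPLE_BAD, ".png") == 0);
    printf("good: counted=%zu c_view=%zu ext_ok=%d accepted=%d\n",
           SAMPLE_GOOD.len, c_view_len(SAMPLE_GOOD),
           ends_with(SAMPLE_GOOD, ".png"),
           checked_output_path(SAMPLE_GOOD, ".png") == 0);
    return 0;
}
```

The extension check alone accepts the first sample; only the length comparison catches it, which is why the NUL check has to run before any other validation of the path.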