Summary: | media-libs/gd: Null byte injection possible with imagexxx functions (CVE-2014-5120) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | graphics+disabled, vapier |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=67730 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Kristian Fiskerstrand (RETIRED)
2014-08-23 19:00:18 UTC
CVE-2014-5120 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5120): gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

this fix was to php-specific gd module code. the file/code in question doesn't exist in media-libs/gd itself. so we can punt this bug.

http://git.php.net/?p=php-src.git;a=commitdiff;h=706aefb78112a44d4932d4c9430c6a898696f51f

(In reply to SpanKY from comment #2)
> this fix was to php-specific gd module code. the file/code in question
> doesn't exist in media-libs/gd itself. so we can punt this bug.
>
> http://git.php.net/?p=php-src.git;a=commitdiff;h=706aefb78112a44d4932d4c9430c6a898696f51f

Thanks for verifying that the issue does not exist in the stand-alone library.
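The pathname problem in the CVE description above, as an added C example that is not code from PHP, media-libs/gd or this bug report: a length-counted filename with an embedded NUL byte passes a suffix check on the full string, yet a NUL-terminated C file API sees only the part before the NUL. The `counted_str` type, the function names and the sample filenames are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical length-counted string: how a scripting runtime may hold a
 * filename argument (raw bytes plus explicit length). Assumption, not PHP's type. */
struct counted_str { const char *bytes; size_t len; };

/* Number of bytes a NUL-terminated C API such as fopen() would actually read. */
size_t c_api_visible_len(const struct counted_str *s)
{
    const char *nul = memchr(s->bytes, '\0', s->len);
    return nul ? (size_t)(nul - s->bytes) : s->len;
}

/* Suffix policy evaluated on the full counted string, as caller code might do. */
int ends_with(const struct counted_str *s, const char *suffix)
{
    size_t n = strlen(suffix);
    return s->len >= n && memcmp(s->bytes + s->len - n, suffix, n) == 0;
}

/* Hardened gate: refuse empty names and any name with an embedded NUL before
 * applying the suffix policy, so both views of the path are identical. */
int accept_output_path(const struct counted_str *s, const char *suffix)
{
    if (s->len == 0 || c_api_visible_len(s) != s->len)
        return 0;
    return ends_with(s, suffix);
}

int main(void)
{
    /* Constructed sample filenames; sizeof - 1 keeps the embedded NUL in len. */
    static const char ok_bytes[] = "thumb.png";
    static const char bad_bytes[] = "report.txt\0.png";
    struct counted_str ok = { ok_bytes, sizeof ok_bytes - 1 };
    struct counted_str bad = { bad_bytes, sizeof bad_bytes - 1 };

    printf("bad: suffix check=%d, counted len=%zu, C-visible len=%zu, accepted=%d\n",
           ends_with(&bad, ".png"), bad.len, c_api_visible_len(&bad),
           accept_output_path(&bad, ".png"));
    printf("ok:  accepted=%d\n", accept_output_path(&ok, ".png"));
    return 0;
}
```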