Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-529n-wwq1-3uh5

Summary gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

Aliases

alias	CVE-2014-5120

Fixed_packages

url	pkg:deb/debian/libgd2@0?distro=trixie
purl	pkg:deb/debian/libgd2@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@0%3Fdistro=trixie

url	pkg:deb/debian/libgd2@2.3.0-2?distro=trixie
purl	pkg:deb/debian/libgd2@2.3.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2%3Fdistro=trixie

url	pkg:deb/debian/libgd2@2.3.3-9?distro=trixie
purl	pkg:deb/debian/libgd2@2.3.3-9?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9%3Fdistro=trixie

url	pkg:deb/debian/libgd2@2.3.3-13?distro=trixie
purl	pkg:deb/debian/libgd2@2.3.3-13?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-13%3Fdistro=trixie

url	pkg:ebuild/dev-lang/php@5.5.16
purl	pkg:ebuild/dev-lang/php@5.5.16
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.5.16

Affected_packages

url pkg:rpm/redhat/php@5.4.16-23.el7_0?arch=1

purl pkg:rpm/redhat/php@5.4.16-23.el7_0?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1s3x-b1vy-qyef

vulnerability	VCID-2873-ph57-vqhd

vulnerability	VCID-2c9a-8dmq-a7e4

vulnerability	VCID-3qud-akea-9ugs

vulnerability	VCID-529n-wwq1-3uh5

vulnerability	VCID-nfed-ph6f-73dp

vulnerability	VCID-pcbe-qz2w-ckcw

vulnerability	VCID-qqgd-zrvc-2uaf

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.4.16-23.el7_0%3Farch=1

url pkg:rpm/redhat/php54-php@5.4.16-22?arch=el7

purl pkg:rpm/redhat/php54-php@5.4.16-22?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1s3x-b1vy-qyef

vulnerability	VCID-2873-ph57-vqhd

vulnerability	VCID-2c9a-8dmq-a7e4

vulnerability	VCID-2hx7-yt6y-6yfu

vulnerability	VCID-3qud-akea-9ugs

vulnerability	VCID-4tr4-kyyh-qfbd

vulnerability	VCID-529n-wwq1-3uh5

vulnerability	VCID-5f4s-ce83-pkcw

vulnerability	VCID-84y5-7hge-vbhn

vulnerability	VCID-avrk-szvf-13av

vulnerability	VCID-cuyy-h7c4-bkdj

vulnerability	VCID-ed1v-hdew-4qfj

vulnerability	VCID-g7hu-58fp-wkh2

vulnerability	VCID-k6m7-rzf9-a3hy

vulnerability	VCID-kuga-71fb-c7gu

vulnerability	VCID-mwnw-synf-fbc1

vulnerability	VCID-nfed-ph6f-73dp

vulnerability	VCID-pcbe-qz2w-ckcw

vulnerability	VCID-qqgd-zrvc-2uaf

vulnerability	VCID-scd1-g67x-3ybp

vulnerability	VCID-v62b-fqv9-dkhh

vulnerability	VCID-wmyz-1bey-bfde

vulnerability	VCID-xvxf-js9u-yyff

vulnerability	VCID-z3zy-kryc-6bgu

vulnerability	VCID-zqdy-kvwk-3ubd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el7

url pkg:rpm/redhat/php54-php@5.4.16-22?arch=el6

purl pkg:rpm/redhat/php54-php@5.4.16-22?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1s3x-b1vy-qyef

vulnerability	VCID-2873-ph57-vqhd

vulnerability	VCID-2c9a-8dmq-a7e4

vulnerability	VCID-2hx7-yt6y-6yfu

vulnerability	VCID-3qud-akea-9ugs

vulnerability	VCID-4tr4-kyyh-qfbd

vulnerability	VCID-529n-wwq1-3uh5

vulnerability	VCID-5f4s-ce83-pkcw

vulnerability	VCID-84y5-7hge-vbhn

vulnerability	VCID-avrk-szvf-13av

vulnerability	VCID-cuyy-h7c4-bkdj

vulnerability	VCID-ed1v-hdew-4qfj

vulnerability	VCID-g7hu-58fp-wkh2

vulnerability	VCID-k6m7-rzf9-a3hy

vulnerability	VCID-kuga-71fb-c7gu

vulnerability	VCID-mwnw-synf-fbc1

vulnerability	VCID-nfed-ph6f-73dp

vulnerability	VCID-pcbe-qz2w-ckcw

vulnerability	VCID-qqgd-zrvc-2uaf

vulnerability	VCID-scd1-g67x-3ybp

vulnerability	VCID-v62b-fqv9-dkhh

vulnerability	VCID-wmyz-1bey-bfde

vulnerability	VCID-xvxf-js9u-yyff

vulnerability	VCID-z3zy-kryc-6bgu

vulnerability	VCID-zqdy-kvwk-3ubd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el6

url pkg:rpm/redhat/php55-php@5.5.6-13?arch=el6

purl pkg:rpm/redhat/php55-php@5.5.6-13?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1s3x-b1vy-qyef

vulnerability	VCID-2873-ph57-vqhd

vulnerability	VCID-2c9a-8dmq-a7e4

vulnerability	VCID-2hx7-yt6y-6yfu

vulnerability	VCID-3qud-akea-9ugs

vulnerability	VCID-4tr4-kyyh-qfbd

vulnerability	VCID-529n-wwq1-3uh5

vulnerability	VCID-5f4s-ce83-pkcw

vulnerability	VCID-84y5-7hge-vbhn

vulnerability	VCID-avrk-szvf-13av

vulnerability	VCID-ed1v-hdew-4qfj

vulnerability	VCID-g7hu-58fp-wkh2

vulnerability	VCID-k6m7-rzf9-a3hy

vulnerability	VCID-mwnw-synf-fbc1

vulnerability	VCID-nfed-ph6f-73dp

vulnerability	VCID-pcbe-qz2w-ckcw

vulnerability	VCID-qqgd-zrvc-2uaf

vulnerability	VCID-wmyz-1bey-bfde

vulnerability	VCID-xvxf-js9u-yyff

vulnerability	VCID-z3zy-kryc-6bgu

vulnerability	VCID-zqdy-kvwk-3ubd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el6

url pkg:rpm/redhat/php55-php@5.5.6-13?arch=el7

purl pkg:rpm/redhat/php55-php@5.5.6-13?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1s3x-b1vy-qyef

vulnerability	VCID-2873-ph57-vqhd

vulnerability	VCID-2c9a-8dmq-a7e4

vulnerability	VCID-2hx7-yt6y-6yfu

vulnerability	VCID-3qud-akea-9ugs

vulnerability	VCID-4tr4-kyyh-qfbd

vulnerability	VCID-529n-wwq1-3uh5

vulnerability	VCID-5f4s-ce83-pkcw

vulnerability	VCID-84y5-7hge-vbhn

vulnerability	VCID-avrk-szvf-13av

vulnerability	VCID-ed1v-hdew-4qfj

vulnerability	VCID-g7hu-58fp-wkh2

vulnerability	VCID-k6m7-rzf9-a3hy

vulnerability	VCID-mwnw-synf-fbc1

vulnerability	VCID-nfed-ph6f-73dp

vulnerability	VCID-pcbe-qz2w-ckcw

vulnerability	VCID-qqgd-zrvc-2uaf

vulnerability	VCID-wmyz-1bey-bfde

vulnerability	VCID-xvxf-js9u-yyff

vulnerability	VCID-z3zy-kryc-6bgu

vulnerability	VCID-zqdy-kvwk-3ubd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el7

References

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-5120

reference_id

reference_type

scores

value	0.08774
scoring_system	epss
scoring_elements	0.92662
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-5120

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1132793
reference_id	1132793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1132793

reference_url	https://security.gentoo.org/glsa/201408-11
reference_id	GLSA-201408-11
reference_type
scores
url	https://security.gentoo.org/glsa/201408-11

reference_url	https://access.redhat.com/errata/RHSA-2014:1327
reference_id	RHSA-2014:1327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1327

reference_url	https://access.redhat.com/errata/RHSA-2014:1765
reference_id	RHSA-2014:1765
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1765

reference_url	https://access.redhat.com/errata/RHSA-2014:1766
reference_id	RHSA-2014:1766
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2014:1766

Weaknesses

cwe_id	626
name	Null Byte Interaction Error (Poison Null Byte)
description	The product does not properly handle null bytes or NUL characters when passing data between different representations or components.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.1

Risk_score 0.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-529n-wwq1-3uh5

Vulnerability Instance