Vulnerability Instance
Look up vulnerabilities affecting packages.
GET /api/vulnerabilities/76118?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76118?format=api", "vulnerability_id": "VCID-529n-wwq1-3uh5", "summary": "gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.", "aliases": [ { "alias": "CVE-2014-5120" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/101831?format=api", "purl": "pkg:deb/debian/libgd2@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101822?format=api", "purl": "pkg:deb/debian/libgd2@2.3.0-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101820?format=api", "purl": "pkg:deb/debian/libgd2@2.3.3-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/101823?format=api", "purl": "pkg:deb/debian/libgd2@2.3.3-13?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-13%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/505259?format=api", "purl": "pkg:ebuild/dev-lang/php@5.5.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.5.16" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/175871?format=api", "purl": "pkg:rpm/redhat/php@5.4.16-23.el7_0?arch=1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1s3x-b1vy-qyef" }, { "vulnerability": "VCID-2873-ph57-vqhd" }, { "vulnerability": "VCID-2c9a-8dmq-a7e4" }, { "vulnerability": "VCID-3qud-akea-9ugs" }, { "vulnerability": "VCID-529n-wwq1-3uh5" }, { "vulnerability": "VCID-nfed-ph6f-73dp" }, { "vulnerability": "VCID-pcbe-qz2w-ckcw" }, { "vulnerability": "VCID-qqgd-zrvc-2uaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.4.16-23.el7_0%3Farch=1" }, { "url": "http://public2.vulnerablecode.io/api/packages/175393?format=api", "purl": "pkg:rpm/redhat/php54-php@5.4.16-22?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1s3x-b1vy-qyef" }, { "vulnerability": "VCID-2873-ph57-vqhd" }, { "vulnerability": "VCID-2c9a-8dmq-a7e4" }, { "vulnerability": "VCID-2hx7-yt6y-6yfu" }, { "vulnerability": "VCID-3qud-akea-9ugs" }, { "vulnerability": "VCID-4tr4-kyyh-qfbd" }, { "vulnerability": "VCID-529n-wwq1-3uh5" }, { "vulnerability": "VCID-5f4s-ce83-pkcw" }, { "vulnerability": "VCID-84y5-7hge-vbhn" }, { "vulnerability": "VCID-avrk-szvf-13av" }, { "vulnerability": "VCID-cuyy-h7c4-bkdj" }, { "vulnerability": "VCID-ed1v-hdew-4qfj" }, { "vulnerability": "VCID-g7hu-58fp-wkh2" }, { "vulnerability": "VCID-k6m7-rzf9-a3hy" }, { "vulnerability": "VCID-kuga-71fb-c7gu" }, { "vulnerability": "VCID-mwnw-synf-fbc1" }, { "vulnerability": "VCID-nfed-ph6f-73dp" }, { "vulnerability": "VCID-pcbe-qz2w-ckcw" }, { "vulnerability": "VCID-qqgd-zrvc-2uaf" }, { "vulnerability": "VCID-scd1-g67x-3ybp" }, { "vulnerability": "VCID-v62b-fqv9-dkhh" }, { "vulnerability": "VCID-wmyz-1bey-bfde" }, { "vulnerability": "VCID-xvxf-js9u-yyff" }, { "vulnerability": "VCID-z3zy-kryc-6bgu" }, { 
"vulnerability": "VCID-zqdy-kvwk-3ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/175394?format=api", "purl": "pkg:rpm/redhat/php54-php@5.4.16-22?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1s3x-b1vy-qyef" }, { "vulnerability": "VCID-2873-ph57-vqhd" }, { "vulnerability": "VCID-2c9a-8dmq-a7e4" }, { "vulnerability": "VCID-2hx7-yt6y-6yfu" }, { "vulnerability": "VCID-3qud-akea-9ugs" }, { "vulnerability": "VCID-4tr4-kyyh-qfbd" }, { "vulnerability": "VCID-529n-wwq1-3uh5" }, { "vulnerability": "VCID-5f4s-ce83-pkcw" }, { "vulnerability": "VCID-84y5-7hge-vbhn" }, { "vulnerability": "VCID-avrk-szvf-13av" }, { "vulnerability": "VCID-cuyy-h7c4-bkdj" }, { "vulnerability": "VCID-ed1v-hdew-4qfj" }, { "vulnerability": "VCID-g7hu-58fp-wkh2" }, { "vulnerability": "VCID-k6m7-rzf9-a3hy" }, { "vulnerability": "VCID-kuga-71fb-c7gu" }, { "vulnerability": "VCID-mwnw-synf-fbc1" }, { "vulnerability": "VCID-nfed-ph6f-73dp" }, { "vulnerability": "VCID-pcbe-qz2w-ckcw" }, { "vulnerability": "VCID-qqgd-zrvc-2uaf" }, { "vulnerability": "VCID-scd1-g67x-3ybp" }, { "vulnerability": "VCID-v62b-fqv9-dkhh" }, { "vulnerability": "VCID-wmyz-1bey-bfde" }, { "vulnerability": "VCID-xvxf-js9u-yyff" }, { "vulnerability": "VCID-z3zy-kryc-6bgu" }, { "vulnerability": "VCID-zqdy-kvwk-3ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/175388?format=api", "purl": "pkg:rpm/redhat/php55-php@5.5.6-13?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1s3x-b1vy-qyef" }, { "vulnerability": "VCID-2873-ph57-vqhd" }, { "vulnerability": "VCID-2c9a-8dmq-a7e4" }, { "vulnerability": "VCID-2hx7-yt6y-6yfu" }, { "vulnerability": "VCID-3qud-akea-9ugs" }, { "vulnerability": "VCID-4tr4-kyyh-qfbd" 
}, { "vulnerability": "VCID-529n-wwq1-3uh5" }, { "vulnerability": "VCID-5f4s-ce83-pkcw" }, { "vulnerability": "VCID-84y5-7hge-vbhn" }, { "vulnerability": "VCID-avrk-szvf-13av" }, { "vulnerability": "VCID-ed1v-hdew-4qfj" }, { "vulnerability": "VCID-g7hu-58fp-wkh2" }, { "vulnerability": "VCID-k6m7-rzf9-a3hy" }, { "vulnerability": "VCID-mwnw-synf-fbc1" }, { "vulnerability": "VCID-nfed-ph6f-73dp" }, { "vulnerability": "VCID-pcbe-qz2w-ckcw" }, { "vulnerability": "VCID-qqgd-zrvc-2uaf" }, { "vulnerability": "VCID-wmyz-1bey-bfde" }, { "vulnerability": "VCID-xvxf-js9u-yyff" }, { "vulnerability": "VCID-z3zy-kryc-6bgu" }, { "vulnerability": "VCID-zqdy-kvwk-3ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/175392?format=api", "purl": "pkg:rpm/redhat/php55-php@5.5.6-13?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1s3x-b1vy-qyef" }, { "vulnerability": "VCID-2873-ph57-vqhd" }, { "vulnerability": "VCID-2c9a-8dmq-a7e4" }, { "vulnerability": "VCID-2hx7-yt6y-6yfu" }, { "vulnerability": "VCID-3qud-akea-9ugs" }, { "vulnerability": "VCID-4tr4-kyyh-qfbd" }, { "vulnerability": "VCID-529n-wwq1-3uh5" }, { "vulnerability": "VCID-5f4s-ce83-pkcw" }, { "vulnerability": "VCID-84y5-7hge-vbhn" }, { "vulnerability": "VCID-avrk-szvf-13av" }, { "vulnerability": "VCID-ed1v-hdew-4qfj" }, { "vulnerability": "VCID-g7hu-58fp-wkh2" }, { "vulnerability": "VCID-k6m7-rzf9-a3hy" }, { "vulnerability": "VCID-mwnw-synf-fbc1" }, { "vulnerability": "VCID-nfed-ph6f-73dp" }, { "vulnerability": "VCID-pcbe-qz2w-ckcw" }, { "vulnerability": "VCID-qqgd-zrvc-2uaf" }, { "vulnerability": "VCID-wmyz-1bey-bfde" }, { "vulnerability": "VCID-xvxf-js9u-yyff" }, { "vulnerability": "VCID-z3zy-kryc-6bgu" }, { "vulnerability": "VCID-zqdy-kvwk-3ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el7" } ], 
"references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08774", "scoring_system": "epss", "scoring_elements": "0.92662", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.08774", "scoring_system": "epss", "scoring_elements": "0.92674", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-5120" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1132793", "reference_id": "1132793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1132793" }, { "reference_url": "https://security.gentoo.org/glsa/201408-11", "reference_id": "GLSA-201408-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201408-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1327", "reference_id": "RHSA-2014:1327", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1765", "reference_id": "RHSA-2014:1765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1766", "reference_id": "RHSA-2014:1766", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1766" } ], "weaknesses": [ { "cwe_id": 626, "name": "Null Byte Interaction Error (Poison Null Byte)", "description": "The product does not properly handle null bytes or NUL characters when passing data between different representations or components." 
} ], "exploits": [], "severity_range_score": null, "exploitability": "0.5", "weighted_severity": "0.1", "risk_score": 0.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-529n-wwq1-3uh5" }