{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76118?format=json","vulnerability_id":"VCID-529n-wwq1-3uh5","summary":"gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.","aliases":[{"alias":"CVE-2014-5120"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101831?format=json","purl":"pkg:deb/debian/libgd2@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101822?format=json","purl":"pkg:deb/debian/libgd2@2.3.0-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.0-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101820?format=json","purl":"pkg:deb/debian/libgd2@2.3.3-9?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-9%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101823?format=json","purl":"pkg:deb/debian/libgd2@2.3.3-13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libgd2@2.3.3-13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/505259?format=json","purl":"pkg:ebuild/dev-lang/php@5.5.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-lang/php@5.5.16"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/175871?format=json","purl":"pkg:rpm/redhat/php@5.4.16-23.el7_0?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s3x-b1vy-qyef"},{"vulnerability":"VCID-2873-ph57-vqhd"},{"vulnerability":"VCID-2c9a-8dmq-a7e4"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-529n-wwq1-3uh5"},{"vulnerability":"VCID-nfed-ph6f-73dp"},{"vulnerability":"VCID-pcbe-qz2w-ckcw"},{"vulnerability":"VCID-qqgd-zrvc-2uaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php@5.4.16-23.el7_0%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/175393?format=json","purl":"pkg:rpm/redhat/php54-php@5.4.16-22?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s3x-b1vy-qyef"},{"vulnerability":"VCID-2873-ph57-vqhd"},{"vulnerability":"VCID-2c9a-8dmq-a7e4"},{"vulnerability":"VCID-2hx7-yt6y-6yfu"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-4tr4-kyyh-qfbd"},{"vulnerability":"VCID-529n-wwq1-3uh5"},{"vulnerability":"VCID-5f4s-ce83-pkcw"},{"vulnerability":"VCID-84y5-7hge-vbhn"},{"vulnerability":"VCID-avrk-szvf-13av"},{"vulnerability":"VCID-cuyy-h7c4-bkdj"},{"vulnerability":"VCID-ed1v-hdew-4qfj"},{"vulnerability":"VCID-g7hu-58fp-wkh2"},{"vulnerability":"VCID-k6m7-rzf9-a3hy"},{"vulnerability":"VCID-kuga-71fb-c7gu"},{"vulnerability":"VCID-mwnw-synf-fbc1"},{"vulnerability":"VCID-nfed-ph6f-73dp"},{"vulnerability":"VCID-pcbe-qz2w-ckcw"},{"vulnerability":"VCID-qqgd-zrvc-2uaf"},{"vulnerability":"VCID-scd1-g67x-3ybp"},{"vulnerability":"VCID-v62b-fqv9-dkhh"},{"vulnerability":"VCID-wmyz-1bey-bfde"},{"vulnerability":"VCID-xvxf-js9u-yyff"},{"vulnerability":"VCID-z3zy-kryc-6bgu"},{"vulnerability":"VCID-zqdy-kvwk-3ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el7"},{"url":"http://public2.vulnerablecode.io/api/packages/175394?format=json","purl":"pkg:rpm/redhat/php54-php@5.4.16-22?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s3x-b1vy-qyef"},{"vulnerability":"VCID-2873-ph57-vqhd"},{"vulnerability":"VCID-2c9a-8dmq-a7e4"},{"vulnerability":"VCID-2hx7-yt6y-6yfu"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-4tr4-kyyh-qfbd"},{"vulnerability":"VCID-529n-wwq1-3uh5"},{"vulnerability":"VCID-5f4s-ce83-pkcw"},{"vulnerability":"VCID-84y5-7hge-vbhn"},{"vulnerability":"VCID-avrk-szvf-13av"},{"vulnerability":"VCID-cuyy-h7c4-bkdj"},{"vulnerability":"VCID-ed1v-hdew-4qfj"},{"vulnerability":"VCID-g7hu-58fp-wkh2"},{"vulnerability":"VCID-k6m7-rzf9-a3hy"},{"vulnerability":"VCID-kuga-71fb-c7gu"},{"vulnerability":"VCID-mwnw-synf-fbc1"},{"vulnerability":"VCID-nfed-ph6f-73dp"},{"vulnerability":"VCID-pcbe-qz2w-ckcw"},{"vulnerability":"VCID-qqgd-zrvc-2uaf"},{"vulnerability":"VCID-scd1-g67x-3ybp"},{"vulnerability":"VCID-v62b-fqv9-dkhh"},{"vulnerability":"VCID-wmyz-1bey-bfde"},{"vulnerability":"VCID-xvxf-js9u-yyff"},{"vulnerability":"VCID-z3zy-kryc-6bgu"},{"vulnerability":"VCID-zqdy-kvwk-3ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php54-php@5.4.16-22%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/175388?format=json","purl":"pkg:rpm/redhat/php55-php@5.5.6-13?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s3x-b1vy-qyef"},{"vulnerability":"VCID-2873-ph57-vqhd"},{"vulnerability":"VCID-2c9a-8dmq-a7e4"},{"vulnerability":"VCID-2hx7-yt6y-6yfu"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-4tr4-kyyh-qfbd"},{"vulnerability":"VCID-529n-wwq1-3uh5"},{"vulnerability":"VCID-5f4s-ce83-pkcw"},{"vulnerability":"VCID-84y5-7hge-vbhn"},{"vulnerability":"VCID-avrk-szvf-13av"},{"vulnerability":"VCID-ed1v-hdew-4qfj"},{"vulnerability":"VCID-g7hu-58fp-wkh2"},{"vulnerability":"VCID-k6m7-rzf9-a3hy"},{"vulnerability":"VCID-mwnw-synf-fbc1"},{"vulnerability":"VCID-nfed-ph6f-73dp"},{"vulnerability":"VCID-pcbe-qz2w-ckcw"},{"vulnerability":"VCID-qqgd-zrvc-2uaf"},{"vulnerability":"VCID-wmyz-1bey-bfde"},{"vulnerability":"VCID-xvxf-js9u-yyff"},{"vulnerability":"VCID-z3zy-kryc-6bgu"},{"vulnerability":"VCID-zqdy-kvwk-3ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/175392?format=json","purl":"pkg:rpm/redhat/php55-php@5.5.6-13?arch=el7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1s3x-b1vy-qyef"},{"vulnerability":"VCID-2873-ph57-vqhd"},{"vulnerability":"VCID-2c9a-8dmq-a7e4"},{"vulnerability":"VCID-2hx7-yt6y-6yfu"},{"vulnerability":"VCID-3qud-akea-9ugs"},{"vulnerability":"VCID-4tr4-kyyh-qfbd"},{"vulnerability":"VCID-529n-wwq1-3uh5"},{"vulnerability":"VCID-5f4s-ce83-pkcw"},{"vulnerability":"VCID-84y5-7hge-vbhn"},{"vulnerability":"VCID-avrk-szvf-13av"},{"vulnerability":"VCID-ed1v-hdew-4qfj"},{"vulnerability":"VCID-g7hu-58fp-wkh2"},{"vulnerability":"VCID-k6m7-rzf9-a3hy"},{"vulnerability":"VCID-mwnw-synf-fbc1"},{"vulnerability":"VCID-nfed-ph6f-73dp"},{"vulnerability":"VCID-pcbe-qz2w-ckcw"},{"vulnerability":"VCID-qqgd-zrvc-2uaf"},{"vulnerability":"VCID-wmyz-1bey-bfde"},{"vulnerability":"VCID-xvxf-js9u-yyff"},{"vulnerability":"VCID-z3zy-kryc-6bgu"},{"vulnerability":"VCID-zqdy-kvwk-3ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/php55-php@5.5.6-13%3Farch=el7"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-5120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5120","reference_id":"","reference_type":"","scores":[{"value":"0.08774","scoring_system":"epss","scoring_elements":"0.92662","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08774","scoring_system":"epss","scoring_elements":"0.92674","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-5120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1132793","reference_id":"1132793","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1132793"},{"reference_url":"https://security.gentoo.org/glsa/201408-11","reference_id":"GLSA-201408-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201408-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1327","reference_id":"RHSA-2014:1327","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1327"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1765","reference_id":"RHSA-2014:1765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:1766","reference_id":"RHSA-2014:1766","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:1766"}],"weaknesses":[{"cwe_id":626,"name":"Null Byte Interaction Error (Poison Null Byte)","description":"The product does not properly handle null bytes or NUL characters when passing data between different representations or components."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.1","risk_score":0.1,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-529n-wwq1-3uh5"}