Total vulnerabilities in the database
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.
| Software | From | Fixed in |
|---|---|---|
| php / php | 5.5.0-alpha1 | 5.5.0-alpha1.x |
| php / php | 5.5.0-alpha3 | 5.5.0-alpha3.x |
| php / php | 5.4.12-rc1 | 5.4.12-rc1.x |
| php / php | 5.4.15-rc1 | 5.4.15-rc1.x |
| php / php | 5.5.0-beta3 | 5.5.0-beta3.x |
| php / php | 5.4.12 | 5.4.12.x |
| php / php | 5.5.0 | 5.5.0.x |
| php / php | 5.4.19 | 5.4.19.x |
| php / php | 5.4.15 | 5.4.15.x |
| php / php | 5.5.1 | 5.5.1.x |
| php / php | 5.5.5 | 5.5.5.x |
| php / php | 5.4.14 | 5.4.14.x |
| php / php | 5.4.8 | 5.4.8.x |
| php / php | 5.5.14 | 5.5.14.x |
| php / php | 5.4.17 | 5.4.17.x |
| php / php | 5.4.14-rc1 | 5.4.14-rc1.x |
| php / php | 5.5.7 | 5.5.7.x |
| php / php | 5.5.0-beta1 | 5.5.0-beta1.x |
| php / php | 5.4.12-rc2 | 5.4.12-rc2.x |
| php / php | 5.4.22 | 5.4.22.x |
| php / php | 5.4.9 | 5.4.9.x |
| php / php | 5.4.11 | 5.4.11.x |
| php / php | 5.5.12 | 5.5.12.x |
| php / php | 5.4.10 | 5.4.10.x |
| php / php | 5.5.6 | 5.5.6.x |
| php / php | 5.4.2 | 5.4.2.x |
| php / php | 5.5.0-rc1 | 5.5.0-rc1.x |
| php / php | 5.5.0-beta4 | 5.5.0-beta4.x |
| php / php | 5.5.3 | 5.5.3.x |
| php / php | 5.4.27 | 5.4.27.x |
| php / php | 5.5.8 | 5.5.8.x |
| php / php | 5.4.16-rc1 | 5.4.16-rc1.x |
| php / php | 5.4.28 | 5.4.28.x |
| php / php | 5.4.21 | 5.4.21.x |
| php / php | 5.4.5 | 5.4.5.x |
| php / php | 5.4.26 | 5.4.26.x |
| php / php | 5.5.0-alpha6 | 5.5.0-alpha6.x |
| php / php | 5.5.0-beta2 | 5.5.0-beta2.x |
| php / php | 5.5.15 | 5.5.15.x |
| php / php | 5.5.11 | 5.5.11.x |
| php / php | 5.5.13 | 5.5.13.x |
| php / php | 5.5.4 | 5.5.4.x |
| php / php | 5.4.24 | 5.4.24.x |
| php / php | 5.4.23 | 5.4.23.x |
| php / php | 5.4.6 | 5.4.6.x |
| php / php | 5.4.30 | 5.4.30.x |
| php / php | 5.4.31 | 5.4.31.x |
| php / php | 5.4.0-rc2 | 5.4.0-rc2.x |
| php / php | 5.4.13 | 5.4.13.x |
| php / php | 5.5.0-alpha4 | 5.5.0-alpha4.x |
| php / php | 5.4.29 | 5.4.29.x |
| php / php | 5.4.0 | 5.4.0.x |
| php / php | 5.4.3 | 5.4.3.x |
| php / php | 5.4.18 | 5.4.18.x |
| php / php | 5.5.10 | 5.5.10.x |
| php / php | 5.5.0-alpha5 | 5.5.0-alpha5.x |
| php / php | 5.4.1 | 5.4.1.x |
| php / php | 5.4.0-beta2 | 5.4.0-beta2.x |
| php / php | 5.4.13-rc1 | 5.4.13-rc1.x |
| php / php | 5.4.20 | 5.4.20.x |
| php / php | 5.5.0-alpha2 | 5.5.0-alpha2.x |
| php / php | 5.4.25 | 5.4.25.x |
| php / php | 5.4.7 | 5.4.7.x |
| php / php | 5.4.4 | 5.4.4.x |
| php / php | 5.5.2 | 5.5.2.x |
| php / php | 5.5.0-rc2 | 5.5.0-rc2.x |
| php / php | 5.5.9 | 5.5.9.x |