It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | php55 | 2014-09-18 21:03 | ALAS-2014-415 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:N/I:P/A:N |
NVD | CVSSv2 | 6.4 | AV:N/AC:L/Au:N/C:N/I:P/A:P |