In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html | Mailing List Third Party Advisory |
https://bugs.php.net/bug.php?id=79282 | Exploit Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html | Mailing List Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200403-0001/ | Third Party Advisory |
https://usn.ubuntu.com/4330-1/ | Third Party Advisory |
https://usn.ubuntu.com/4330-2/ | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4717 | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4719 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2021.html | Third Party Advisory |
https://www.tenable.com/security/tns-2021-14 | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: php
Published: 2020-02-17T00:00:00
Updated: 2021-07-22T17:07:08
Reserved: 2020-01-15T00:00:00
Link: CVE-2020-7064
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-01T04:15:13.693
Modified: 2022-08-29T20:04:14.693
Link: CVE-2020-7064
JSON object: View
Redhat Information
No data.
CWE