BIT-php-min-2020-7064
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/php-min/BIT-php-min-2020-7064.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-php-min-2020-7064
- Aliases
- Published
- 2025-01-14T19:23:49.415Z
- Modified
- 2025-01-15T08:57:01.171339Z
- Summary
- [none]
- Details
-
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
- Database specific
{ "cpes": [ "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*" ], "severity": "Medium" }- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://bugs.php.net/bug.php?id=79282
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.tenable.com/security/tns-2021-14
Affected packages
Bitnami / php-min
Package
- Name
- php-min
- Purl
- pkg:bitnami/php-min
Severity
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator