CVE-2020-7064
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-7064
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7064.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-7064
- Aliases
- Related
- Published
- 2020-04-01T04:15:13Z
- Modified
- 2024-10-11T10:10:43Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
- References
-
- https://bugs.php.net/bug.php?id=79282
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://www.tenable.com/security/tns-2021-14
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://security-tracker.debian.org/tracker/CVE-2020-7064
Affected packages
Debian:11 / php7.4
Package
- Name
- php7.4
- Purl
- pkg:deb/debian/php7.4?arch=source