BIT-php-2020-7064
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/php/BIT-php-2020-7064.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-php-2020-7064
- Aliases
- Published
- 2024-03-06T11:07:02.697Z
- Modified
- 2024-03-06T11:25:28.861Z
- Summary
- [none]
- Details
-
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exifreaddata() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://bugs.php.net/bug.php?id=79282
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.tenable.com/security/tns-2021-14
Affected packages
Bitnami / php
Package
- Name
- php
- Purl
- pkg:bitnami/php
Severity
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVSS Calculator