In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2020-04-01T03:35:13.144448Z

Updated: 2024-09-16T23:56:45.058Z

Reserved: 2020-01-15T00:00:00

Link: CVE-2020-7064

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-04-01T04:15:13.693

Modified: 2024-11-21T05:36:36.027

Link: CVE-2020-7064

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-04-01T00:00:00Z

Links: CVE-2020-7064 - Bugzilla