Information disclosure

2020-04-0104:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.3%

JSON

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

CPENameOperatorVersion
ubuntu_linuxeq16.04
ubuntu_linuxeq12.04
ubuntu_linuxeq18.04
ubuntu_linuxeq14.04
ubuntu_linuxeq19.10
ubuntu_linuxeq20.04
debian_linuxeq8.0
debian_linuxeq9.0
debian_linuxeq10.0
leapeq15.1

Name	Operator	Version
ubuntu_linux	eq	16.04
ubuntu_linux	eq	12.04
ubuntu_linux	eq	18.04
ubuntu_linux	eq	14.04
ubuntu_linux	eq	19.10
ubuntu_linux	eq	20.04
debian_linux	eq	8.0
debian_linux	eq	9.0
debian_linux	eq	10.0
leap	eq	15.1