Lucene search
Veracode Vulnerability DatabaseVERACODE:26197HistoryAug 06, 2020 - 9:35 p.m.
Information Disclosure
2020-08-0621:35:32
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
24
0.004 Low
EPSS
Percentile
72.3%
php7 is vulnerable to information disclosure. The vulnerability exists while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php7 | eq | 7.2.27-r0 | |
| php7:3.11 | eq | 7.3.15-r0 | |
| rh-php73-php | eq | 7.3.11__1.el7 | |
| php7:edge | eq | 7.3.15-r2 | |
| php7 | eq | 7.2.27-r0 | |
| php7:3.11 | eq | 7.3.15-r0 | |
| rh-php73-php | eq | 7.3.11__1.el7 | |
| php7:edge | eq | 7.3.15-r2 |
References
lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
bugs.php.net/bug.php?id=79282
lists.debian.org/debian-lts-announce/2020/04/msg00021.html
security.netapp.com/advisory/ntap-20200403-0001/
usn.ubuntu.com/4330-1/
usn.ubuntu.com/4330-2/
www.debian.org/security/2020/dsa-4717
www.debian.org/security/2020/dsa-4719
www.oracle.com/security-alerts/cpujan2021.html
www.tenable.com/security/tns-2021-14
Related
alpinelinux
alpinelinux
CVE-2020-7064
2020-04-01 04:15:13
cve
cve
CVE-2020-7064
2020-04-01 04:15:13
cvelist
cvelist
CVE-2020-7064 Use-of-uninitialized-value in exif
2020-02-17 00:00:00
redhatcve
redhatcve
CVE-2020-7064
2020-04-03 13:01:37
debiancve
debiancve
CVE-2020-7064
2020-04-01 04:15:13
prion
prion
Information disclosure
2020-04-01 04:15:00
osv
osv
BIT-php-2020-7064
2024-03-06 11:07:02
CVE-2020-7064
2020-04-01 04:15:13
php5 - security update
2020-04-26 00:00:00
checkpoint_advisories
checkpoint_advisories
PHP exif_read_data Out-Of-Bounds Read (CVE-2020-7064)
2020-04-16 00:00:00
ubuntucve
ubuntucve
CVE-2020-7064
2020-04-01 00:00:00
attackerkb
attackerkb
CVE-2020-7064
2020-02-17 00:00:00
nvd
nvd
CVE-2020-7064
2020-04-01 04:15:13
openvas
openvas
openSUSE: Security Advisory for php7 (openSUSE-SU-2020:0642-1)
2020-05-12 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1700)
2020-06-26 00:00:00
Huawei EulerOS: Security Advisory for php (EulerOS-SA-2020-1586)
2020-05-26 00:00:00
suse
suse
Security update for php7 (moderate)
2020-05-11 00:00:00
nessus
nessus
RHEL 8 : 7.2_php (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:1199-1)
2020-05-11 00:00:00
EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1700)
2020-06-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package php7 version 7.2.29-alt1
2020-03-27 00:00:00
Security fix for the ALT Linux 9 package php7 version 7.3.16-alt1
2020-03-26 00:00:00
Security fix for the ALT Linux 10 package php8.1 version 7.3.16-alt1
2020-03-24 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: php-7.4.4-1.fc32
2020-03-25 16:17:12
[SECURITY] Fedora 31 Update: php-7.3.16-1.fc31
2020-03-26 01:20:28
[SECURITY] Fedora 30 Update: php-7.3.16-1.fc30
2020-03-26 09:48:08
amazon
amazon
Medium: php72
2020-05-08 20:28:00
Medium: php73
2020-05-08 20:29:00
debian
debian
[SECURITY] [DLA 2188-1] php5 security update
2020-04-26 14:08:10
[SECURITY] [DSA 4717-1] php7.0 security update
2020-07-05 14:35:07
[SECURITY] [DSA 4717-1] php7.0 security update
2020-07-05 14:35:07
ubuntu
ubuntu
PHP vulnerabilities
2020-05-06 00:00:00
PHP vulnerabilities
2020-04-15 00:00:00
mageia
mageia
Updated php packages fix security vulnerability
2020-04-01 04:56:57
ibm
ibm
gentoo
gentoo
PHP: Multiple vulnerabilities
2020-03-26 00:00:00
redhat
redhat
almalinux
almalinux
Moderate: php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
rocky
rocky
php:7.3 security, bug fix, and enhancement update
2020-09-08 08:38:31
oraclelinux
oraclelinux
php:7.3 security, bug fix, and enhancement update
2020-09-09 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00