CVE-2020-7064: Use-of-uninitialized-value in exif
First published: Mon Feb 17 2020(Updated: )
A vulnerability was found in PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Credit: security@php.net security@php.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/rh-php73-php | <0:7.3.20-1.el7 | 0:7.3.20-1.el7 |
| redhat/php | <7.2.9 | 7.2.9 |
| redhat/php | <7.3.16 | 7.3.16 |
| redhat/php | <7.4.4 | 7.4.4 |
| debian/php7.4 | 7.4.33-1+deb11u5 7.4.33-1+deb11u7 | |
| PHP | >=7.2.0<7.2.29 | |
| PHP | >=7.3.0<7.3.16 | |
| PHP | >=7.4.0<7.4.4 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| openSUSE Leap | =15.1 | |
| Tenable Tenable.sc | <5.19.0 | |
| PHP | <7.2.29 | 7.2.29 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-7064 https://nvd.nist.gov/vuln/detail/CVE-2020-7064 https://bugs.php.net/bug.php?id=79282
- https://bugzilla.redhat.com/show_bug.cgi?id=1820601
- https://access.redhat.com/errata/RHSA-2020:3662
- https://access.redhat.com/errata/RHSA-2020:5275
- https://access.redhat.com/security/cve/cve-2020-7064
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://bugs.php.net/bug.php?id=79282
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.tenable.com/security/tns-2021-14
- https://launchpad.net/bugs/cve/CVE-2020-7064
- https://www.php.net/ChangeLog-7.php#7.2.29 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1820602
- http://git.php.net/?p=php-src.git;a=commit;h=0c77b4307df73217283a4aaf9313e1a33a0967ff
- https://bugs.php.net/79282
- https://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2
- https://security-tracker.debian.org/tracker/CVE-2020-7064
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7064
- https://nvd.nist.gov/vuln/detail/CVE-2020-7064
- https://ubuntu.com/security/CVE-2020-7064
Frequently Asked Questions
What is CVE-2020-7064?
CVE-2020-7064 is a vulnerability in PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16, and 7.4.x below 7.4.4 that allows malicious data to cause PHP to read uninitialized memory, potentially leading to information disclosure or a crash.
How does CVE-2020-7064 affect PHP?
CVE-2020-7064 affects PHP by allowing malicious data to be parsed with the exif_read_data() function, leading to the potential reading of uninitialized memory.
What is the severity of CVE-2020-7064?
The severity of CVE-2020-7064 is medium with a severity score of 5.4.
How can I fix CVE-2020-7064?
Fix CVE-2020-7064 by upgrading PHP to version 7.2.9 or above for PHP 7.2.x, version 7.3.16 or above for PHP 7.3.x, and version 7.4.4 or above for PHP 7.4.x.
Where can I find more information about CVE-2020-7064?
More information about CVE-2020-7064 can be found at the following references: [Bugzilla](https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1820602), [PHP Bugs](https://bugs.php.net/bug.php?id=79282), [PHP Git Commit](http://git.php.net/?p=php-src.git;a=commit;h=0c77b4307df73217283a4aaf9313e1a33a0967ff).
- collector/redhat-cve
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-7064
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/references
- agent/remedy
- agent/description
- agent/event
- agent/last-modified-date
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/php-changelog
- source/PHP
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/php
- canonical/php
- version/php/7.2.0
- version/php/7.3.0
- version/php/7.4.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/tenable
- canonical/tenable tenable.sc