PHP versions 7.2.x below 7.2.9 Out-of-bounds Read Vulnerability

Published on May 23rd, 2020
Summary

A one byte out-of-bounds read, which could potentially lead to information disclosure or crash.

 

 

Credit:

The information has been provided by Thorsten Alteholz

The original article can be found at:https://bugs.php.net/bug.php?id=79282

 


Details

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

 

Vulnerable Systems:

PHP versions 7.2.x below 7.2.9

PHP versions 7.3.x below 7.3.16

PHP versions 7.4.x below 7.4.34

 

CVE Information:

CVE-2020-7064

 

Disclosure Timeline:
Published Date:4/1/2020

 

Categories: FeaturedNews

Related Posts

Featured News

HUAWEI P30 with versions earlier than 10.1.0.160 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability

Featured News

HUAWEI P30 with versions earlier than 10.1.0.135 Improper Verification of Cryptographic Signature Vulnerability

Featured News

HUAWEI P30 smartphone versions 10.1.0.135 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability