NextGuard
UNKNOWNCVE-2020-7064

Use-of-uninitialized-value in exif

Platform

php

Component

php

Fixed in

7.4.4

View on NVD

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

How to fix

Actualice a la versión de PHP 7.2.29, 7.3.16 o 7.4.4 o superior. Esto corregirá la vulnerabilidad de lectura de memoria no inicializada en la función exif_read_data().

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free
CVE-2020-7064 — Vulnerability Details | NextGuard | NextGuard