Описание
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | not-affected | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | not-affected | 5.3.10-1ubuntu3.45 |
| trusty | ignored | end of standard support |
| trusty/esm | released | 5.5.9+dfsg-1ubuntu4.29+esm11 |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | not-affected | 7.0.33-0ubuntu0.16.04.14 |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 7.2.24-0ubuntu0.18.04.4 |
| devel | DNE | |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 7.2.24-0ubuntu0.18.04.4 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| eoan | released | 7.3.11-0ubuntu0.19.10.4 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| precise/esm | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | released | 7.4.3-4ubuntu2 |
| eoan | DNE | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | not-affected | 7.4.3-4ubuntu1.1 |
| focal | released | 7.4.3-4ubuntu1.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 7.4.4 |
Показывать по
5.8 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Уязвимость реализации функции exif_read_data() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании
5.8 Medium
CVSS2
6.5 Medium
CVSS3