UBUNTU-CVE-2020-7064

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2020-7064

Downstream

USN-4330-1 USN-4330-2

Published: 01 Apr 2020, 04:15

Last modified:22 Apr 2026, 12:43

Vulnerability Summary

Overall Risk (default)

medium

26/100

CVSS Score

6.5 MEDIUM

3.1 (osv_ubuntu)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Apr 2020, 04:15

Published

Vulnerability first disclosed

22 Apr 2026, 12:43

Last Modified

Vulnerability information updated

Description

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.

CVSS Metrics

v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected Systems

ubuntu•php5
< 5.5.9+dfsg-1ubuntu4.29+esm11
ubuntu•php7.0
< 7.0.33-0ubuntu0.16.04.14
ubuntu•php7.2
< 7.2.24-0ubuntu0.18.04.4
ubuntu•php7.4
< 7.4.3-4ubuntu1.1