A vulnerability was found in PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
Created php tracking bugs for this issue: Affects: fedora-all [bug 1820602]
External References: https://bugs.php.net/bug.php?id=79282
Upstream patch: http://git.php.net/?p=php-src.git;a=commit;h=0c77b4307df73217283a4aaf9313e1a33a0967ff
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:3662 https://access.redhat.com/errata/RHSA-2020:3662
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-7064
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2020:5275 https://access.redhat.com/errata/RHSA-2020:5275