
61 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-2621

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.02449 EPSS
Exploits: 0, References: 18
RedhatCVE
added 2025/05/22 4:27 p.m., 5 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

9.8 CVSS, 6.9 AI score, 0.00746 EPSS
Exploits: 0
OSV
added 2024/03/06 11:7 a.m., 24 views

BIT-PHP-2020-7064 Use-of-uninitialized-value in exif

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

6.5 CVSS, 6.8 AI score, 0.0233 EPSS
Exploits: 1, References: 11
F5 Networks
added 2023/02/21 6:47 p.m., 66 views

K48355112: PHP vulnerability CVE-2018-10549

Security Advisory Description An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a fin...

8.8 CVSS, 8.2 AI score, 0.02449 EPSS
Exploits: 0
OpenVAS
added 2022/08/26 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-40-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 9.5 AI score, 0.07162 EPSS
Exploits: 0, References: 2
OpenVAS
added 2021/10/25 12:0 a.m., 29 views

PHP 7.1.x < 7.1.30, 7.2.x < 7.2.19, 7.3.x < 7.3.6 Multiple Vulnerabilities - Linux

PHP is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

9.1 CVSS, 6.5 AI score, 0.1054 EPSS
Exploits: 3, References: 3
OSV
added 2021/03/10 4:15 p.m., 15 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

9.8 CVSS, 6.9 AI score
Exploits: 0, References: 2
NVD
added 2021/03/10 4:15 p.m., 12 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

9.8 CVSS, 0.00746 EPSS
Exploits: 0, References: 2
Prion
added 2021/03/10 4:15 p.m., 13 views

Out-of-bounds

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

7.5 CVSS, 9.4 AI score, 0.00746 EPSS
Exploits: 0, References: 2, Affected Software: 1
UbuntuCve
added 2021/03/10 4:15 p.m., 23 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

9.8 CVSS, 7.3 AI score, 0.00746 EPSS
Exploits: 0, References: 3
CVE
added 2021/03/10 3:50 p.m., 49 views

CVE-2020-1917

The CVE-2020-1917 issue is a concrete bug in xbuf_format_converter (part of exif_read_data) in HHVM. It appends a terminating null without the normal append path, enabling an out-of-bounds write when the buffer is full. Affected HHVM versions include: prior to 4.56.3, 4.57.0–4.80.1, 4.81.0–4.93.1...

9.8 CVSS, 9.4 AI score, 0.00746 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2021/03/10 3:50 p.m., 14 views

CVE-2020-1917

xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to...

9.6 AI score, 0.00746 EPSS
Exploits: 0, References: 2
Veracode
added 2020/12/02 9:50 a.m., 38 views

Information Disclosure

php is vulnerable to information disclosure in exif_read_data...

6.5 CVSS, 0.5 AI score, 0.03196 EPSS
Exploits: 1, References: 18, Affected Software: 1
RedHat Linux
added 2020/12/01 12:5 p.m., 2 views

php: Information disclosure in exif_read_data() function

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

6.5 CVSS, 7.4 AI score, 0.0233 EPSS
Exploits: 1, References: 5
Tenable Nessus
added 2020/06/25 12:0 a.m., 37 views

EulerOS Virtualization for ARM 64 3.0.6.0 : php (EulerOS-SA-2020-1700)

According to the versions of the php packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers with user-supplied...

6.5 CVSS, 7 AI score, 0.0233 EPSS
Exploits: 2, References: 3
Tenable Nessus
added 2020/05/15 12:0 a.m., 261 views

Amazon Linux AMI : php72 (ALAS-2020-1367)

The version of php72 installed on the remote host is prior to 7.2.30-1.22. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2020-1367 advisory. In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data...

7.5 CVSS, 7.1 AI score, 0.08994 EPSS
Exploits: 3, References: 7
Amazon
added 2020/05/13 12:0 a.m., 105 views

Medium: php72

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

7.5 CVSS, 6.7 AI score, 0.08994 EPSS
Exploits: 3
Amazon
added 2020/05/13 12:0 a.m., 98 views

Medium: php73

Issue Overview: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash...

8.8 CVSS, 7.4 AI score, 0.08994 EPSS
Exploits: 4
Tenable Nessus
added 2020/05/11 12:0 a.m., 47 views

SUSE SLED15 / SLES15 Security Update : php7 (SUSE-SU-2020:1199-1)

This update for php7 fixes the following issues : CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data bsc1168326. CVE-2020-7066: Fixed URL truncation get_headers if the URL contains zero \0 character bsc1168352. Note that Tenable Network Security has extracted the precedin...

6.5 CVSS, 6.8 AI score, 0.0233 EPSS
Exploits: 2, References: 7
Check Point Advisories
added 2020/04/16 12:0 a.m., 3 views

PHP exif_read_data Out-Of-Bounds Read (CVE-2020-7064)

An out of bounds read vulnerability exists in PHP. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information from the affected system...

5.8 CVSS, 3.1 AI score, 0.0233 EPSS
Exploits: 1