CVE-2020-7064
Use-of-uninitialized-value in exif
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
We have discovered 615,085 live websites that are affected by CVE-2020-7064.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Versions |
|
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 615,085 live websites (5.08% of PHP install base) |
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-7064 and the relative popularity of websitesDetails
- Published - Feb 17, 2020
- Updated - Jul 23, 2021
Credits
- From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19581
CWE
CVE References
CWE References
Countries
 United States | 121,921 websites |
 France | 244,506 websites |
 Russia | 66,646 websites |
 China | 20,496 websites |
 Germany | 14,128 websites |
 Poland | 12,766 websites |
 Italy | 11,879 websites |
 Belgium | 11,568 websites |
 Spain | 9,668 websites |
 Netherlands | 9,609 websites |
TLDs
| .com | 251,338 websites |
| .fr | 109,052 websites |
| .ru | 64,342 websites |
| .org | 25,211 websites |
| .net | 16,852 websites |
| .be | 12,963 websites |
| .pl | 10,003 websites |
| .it | 8,947 websites |
| .de | 8,747 websites |
| .nl | 6,806 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redGeographical Distribution
The distribution of websites across the globe that are exposed to CVE-2020-7064 through included software libraries and plugins.References
- https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html
- https://usn.ubuntu.com/4330-1/
- https://usn.ubuntu.com/4330-2/
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00025.html
- https://www.debian.org/security/2020/dsa-4717
- https://www.debian.org/security/2020/dsa-4719
- https://bugs.php.net/bug.php?id=79282
- https://security.netapp.com/advisory/ntap-20200403-0001/
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://www.tenable.com/security/tns-2021-14
Websites affected by CVE-2020-7064
Top websites that are affected by CVE-2020-7064. Please click on the "Contact us" button above to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***.*****.cz |  Czech Republic | *,*** | |
| *.cn | China | *,*** | |
| ***.*.cn | China | *,*** | |
| ***.*****.pl | Poland | *,*** | |
| *******.com | Germany | *,*** | |
| *****.***.cn | China | *,*** | |
| ***.*****.***.cn | China | *,*** | |
| *****.cn | China | *,*** | |
| ***.*****.cn | China | *,*** | |
| ***.*********.com | China | *,*** |