CVE-2022-31627

Summary

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP8.1.X < 8.1.8affected

Weaknesses

  • CWE-590: CWE-590 Free of Memory not on the Heap

ADP Enrichment

CVE Program Container

Additional References

References