CVE-2022-31630

Summary

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

Affected Software

VendorProductVersion RangeStatus
PHP GroupPHP7.4.x < 7.4.33affected
PHP GroupPHP8.0.x < 8.0.25affected
PHP GroupPHP8.1.x < 8.1.12affected

Weaknesses

  • CWE-131: CWE-131 Incorrect Calculation of Buffer Size
  • CWE-190: CWE-190 Integer Overflow or Wraparound

ADP Enrichment

CVE Program Container

Additional References

References