CVE-2022-31630
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PHP Group | PHP | 7.4.x < 7.4.33 | affected |
| PHP Group | PHP | 8.0.x < 8.0.25 | affected |
| PHP Group | PHP | 8.1.x < 8.1.12 | affected |
Weaknesses
- CWE-131: CWE-131 Incorrect Calculation of Buffer Size
- CWE-190: CWE-190 Integer Overflow or Wraparound
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.