// For flags

CVE-2022-31630

OOB read due to insufficient input validation in imageloadfont()

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la función imageloadfont() en la extensión gd, es posible proporcionar un archivo de fuente especialmente manipulado, como si la fuente cargada se usa con imagechar() función, se utilizará la lectura fuera del búfer asignado. Esto puede provocar fallos o divulgación de información confidencial.

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.

*Credits: cmb@php.net, cmb@php.net
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2022-05-25 CVE Reserved
  • 2022-11-09 CVE Published
  • 2024-06-06 EPSS Updated
  • 2024-08-03 CVE Updated
  • 2024-08-03 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
  • CWE-131: Incorrect Calculation of Buffer Size
  • CWE-190: Integer Overflow or Wraparound
CAPEC
  • CAPEC-540: Overread Buffers
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
>= 7.4.0 < 7.4.33
Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.33"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
>= 8.0.0 < 8.0.25
Search vendor "Php" for product "Php" and version " >= 8.0.0 < 8.0.25"
-
Affected
Php
Search vendor "Php"
Php
Search vendor "Php" for product "Php"
>= 8.1.0 < 8.1.12
Search vendor "Php" for product "Php" and version " >= 8.1.0 < 8.1.12"
-
Affected