CVE-2022-31630
OOB read due to insufficient input validation in imageloadfont()
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la función imageloadfont() en la extensión gd, es posible proporcionar un archivo de fuente especialmente manipulado, como si la fuente cargada se usa con imagechar() función, se utilizará la lectura fuera del búfer asignado. Esto puede provocar fallos o divulgación de información confidencial.
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-25 CVE Reserved
- 2022-11-09 CVE Published
- 2024-06-06 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
- CWE-131: Incorrect Calculation of Buffer Size
- CWE-190: Integer Overflow or Wraparound
CAPEC
- CAPEC-540: Overread Buffers
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugs.php.net/bug.php?id=81739 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2022-31630 | 2023-05-16 | |
https://bugzilla.redhat.com/show_bug.cgi?id=2139280 | 2023-05-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 7.4.0 < 7.4.33 Search vendor "Php" for product "Php" and version " >= 7.4.0 < 7.4.33" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 8.0.0 < 8.0.25 Search vendor "Php" for product "Php" and version " >= 8.0.0 < 8.0.25" | - |
Affected
| ||||||
Php Search vendor "Php" | Php Search vendor "Php" for product "Php" | >= 8.1.0 < 8.1.12 Search vendor "Php" for product "Php" and version " >= 8.1.0 < 8.1.12" | - |
Affected
|