Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-31630

Опубликовано: 14 нояб. 2022
Источник: debian

Описание

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php8.1fixed8.1.12-1package
php7.4removedpackage
php7.3not-affectedpackage

Примечания

  • Fixed in 8.1.12, 8.0.25, 7.4.33

  • PHP Bug: https://bugs.php.net/bug.php?id=81739

  • Introduced by: https://github.com/php/php-src/commit/88b603768f8e5074ad5cbdccc1e0779089fac9d0 (php-7.4.0alpha2)

  • Fixed by: https://github.com/php/php-src/commit/ac45ce85c8750a6fb9745093180674d029acc5bd (PHP-8.1.12)

Связанные уязвимости

ubuntu логотип

CVE-2022-31630

CVSS3: 6.5
ubuntu
около 3 лет назад

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

redhat логотип

CVE-2022-31630

CVSS3: 6.5
redhat
около 3 лет назад

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

nvd логотип

CVE-2022-31630

CVSS3: 6.5
nvd
около 3 лет назад

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

github логотип

GHSA-jw98-jrc9-mrx5

CVSS3: 7.1
github
около 3 лет назад

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

fstec логотип

BDU:2022-07409

CVSS3: 7.1
fstec
около 3 лет назад

Уязвимость функции imageloadfont() интерпретатора языка программирования PHP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или вызвать отказ в обслуживании