CVE-2022-31630

Updated: 2024-04-02 03:12:43.732866

Description:

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is then used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.1 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| CentOS 6 ELS | php | 5.3.3 | 7.1 | HIGH | Not Vulnerable | | 2022-11-08 16:02:48 |
| CentOS 7 ELS | php | 5.4.16 | 7.1 | HIGH | Not Vulnerable | | 2024-01-22 08:40:42 |
| CentOS 8.4 ELS | php | 7.4.6 | 7.1 | HIGH | Released | CLSA-2022:1668467919 | 2022-11-14 20:26:24 |
| CentOS 8.5 ELS | php | 7.4.19 | 7.1 | HIGH | Released | CLSA-2022:1668468696 | 2022-11-14 20:26:25 |
| CloudLinux 6 ELS | php | 5.3.3 | 7.1 | HIGH | Not Vulnerable | | 2022-11-08 16:02:48 |
| Oracle Linux 6 ELS | php | 5.3.3 | 7.1 | HIGH | Not Vulnerable | | 2022-11-08 16:02:48 |
| Ubuntu 16.04 ELS | php | 7.0.33 | 7.1 | HIGH | Not Vulnerable | | 2022-11-08 16:02:48 |
| Ubuntu 18.04 ELS | php | 7.2.24-0 | 7.1 | HIGH | Not Vulnerable | | 2023-11-06 04:16:06 |