CVE-2022-31627

Updated: 2025-08-20 02:35:36.319636

Description:

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0.0
CVSS Version 3.x CRITICAL 9.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement
Alpine Linux 3.22 php 7.3 9.8 CRITICAL Not Vulnerable 2026-02-16 14:41:42
Alpine Linux 3.22 php 7.4 9.8 CRITICAL Not Vulnerable 2026-01-23 13:40:33
Alpine Linux 3.22 php 8.1 9.8 CRITICAL Already Fixed 2026-02-18 11:30:46
Debian 10 php 8.0 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:44
Debian 10 php 5.6 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:45
Debian 10 php 7.3 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:45
Debian 10 php 8.2 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:44
Debian 10 php 8.1 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:44
Debian 10 php 7.0 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:45
Debian 10 php 7.1 9.8 CRITICAL Not Vulnerable 2025-05-29 03:53:45
Total: 140