CVE-2022-31630

Name
CVE-2022-31630
Description
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://bugs.php.net/bug.php?id=81739

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 8.2.0 < 8.2.12
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 8.0.0 < 8.0.25
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= None < 7.4.33
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 8.1.0 < 8.1.12
cpe:2.3:a:php:php:*:*:*:*:*:*:*:* php >= 7.4.0 < 7.4.33

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
php82 edge-community 8.2.0_rc5-r0 None fixed
php82 3.22-community 8.2.0_rc5-r0 None fixed
php82 3.21-community 8.2.0_rc5-r0 None fixed
php82 3.20-community 8.2.0_rc5-r0 None fixed
php82 3.19-community 8.2.0_rc5-r0 None fixed
php82 3.18-community 8.2.0_rc5-r0 None fixed
php81 edge-community 8.1.12-r0 Andy Postnikov <apostnikov@gmail.com> fixed
php81 3.19-community 8.1.12-r0 None fixed
php81 3.18-community 8.1.12-r0 None fixed
php81 3.17-community 8.1.12-r0 None fixed
php8 edge-community 8.0.25-r0 Andy Postnikov <apostnikov@gmail.com> fixed