| Vulnerability Name: | CVE-2022-31630 (CCN-240578) | ||||||||||||||||||
| Assigned: | 2022-10-12 | ||||||||||||||||||
| Published: | 2022-10-12 | ||||||||||||||||||
| Updated: | 2022-12-23 | ||||||||||||||||||
| Summary: | In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. | ||||||||||||||||||
| CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) 5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
5.9 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
5.9 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:P/RL:O/RC:C)
| ||||||||||||||||||
| CVSS v2 Severity: | 6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P)
| ||||||||||||||||||
| Vulnerability Type: | CWE-125 | ||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2022-31630 Source: CCN Type: Sec BugĀ #81739 OOB read due to insufficient input validation in imageloadfont() Source: security@php.net Type: Exploit, Issue Tracking, Patch, Vendor Advisory security@php.net Source: XF Type: UNKNOWN php-cve202231630-info-disc(240578) Source: CCN Type: Mend Vulnerability Database CVE-2022-31630 Source: CCN Type: PHP Web site PHP | ||||||||||||||||||
| Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||||
| Oval Definitions | |||||||||||||||||||
| |||||||||||||||||||
| BACK | |||||||||||||||||||