CVE-2022-31630
Published 2022-11-14
CVE-2022-31630: In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font…
Priority P4 · 30 · high · 7.1 · CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
EPSS: 2.20% (80.3th percentile)
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer will occur. This can lead to crashes or disclosure of confidential information.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php7.4 | < php7.4 7.4.33-1+deb11u1 (bullseye) | php7.4 7.4.33-1+deb11u1 (bullseye) |
| php | php | >= 7.4.0 < 7.4.33 | 7.4.33 |
| php | php | >= 8.0.0 < 8.0.25 | 8.0.25 |
| php | php | >= 8.1.0 < 8.1.12 | 8.1.12 |
| php_group | php | >= 7.4.x < 7.4.33 | 7.4.33 |
| php_group | php | >= 8.0.x < 8.0.25 | 8.0.25 |
| php_group | php | >= 8.1.x < 8.1.12 | 8.1.12 |
CVSS provenance
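| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |
| osv | | 7.1 | HIGH | |
| vendor_oracle | | 7.1 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 2.3 | LOW | |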
GHSA
GHSA-jw98-jrc9-mrx5: In PHP versions prior to 7
ghsa_unreviewed·2022-11-14
CVE-2022-31630 [HIGH] CWE-125 GHSA-jw98-jrc9-mrx5: In PHP versions prior to 7
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer will occur. This can lead to crashes or disclosure of confidential information.
OSV
CVE-2022-31630: In PHP versions prior to 7
osv·2022-11-14·CVSS 7.1
CVE-2022-31630 [HIGH] CVE-2022-31630: In PHP versions prior to 7
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer will occur. This can lead to crashes or disclosure of confidential information.
OSV
php7.2, php7.4, php8.1 vulnerabilities
osv·2022-11-08·CVSS 5.5
CVE-2022-31628 [MEDIUM] php7.2, php7.4, php8.1 vulnerabilities
It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise the data
(CVE-2022-31629)
It was discovered that PHP incorrectly handled certain image fonts.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.
(CVE-2022-31630)
Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22
Oracle
Oracle Oracle Communications Risk Matrix: Platform (PHP) — CVE-2022-31630
vendor_oracle·2023-04-15·CVSS 7.1
CVE-2022-31630 [MEDIUM] Oracle Oracle Communications Risk Matrix: Platform (PHP) — CVE-2022-31630
Oracle Oracle Communications Risk Matrix: Platform (PHP) vulnerability
CVE: CVE-2022-31630
CVSS: 7.1
Protocol: None
Remote exploit: No
Affected versions: Local
Advisory: cpuapr2023 (APR 2023)
Ubuntu
PHP vulnerabilities
vendor_ubuntu·2022-11-08·CVSS 2.3
CVE-2022-31630 [LOW] PHP vulnerabilities
Title: PHP vulnerabilities
Summary: Several security issues were fixed in PHP.
It was discovered that PHP incorrectly handled certain gzip files.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2022-31628)
It was discovered that PHP incorrectly handled certain cookies.
An attacker could possibly use this issue to compromise the data
(CVE-2022-31629)
It was discovered that PHP incorrectly handled certain image fonts.
An attacker could possibly use this issue to expose sensitive information.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.10, and Ubuntu 22.04 LTS.
(CVE-2022-31630)
Nicky Mouha discovered that PHP incorrectly handled certain SHA-3 operations.
An attacker could possibly use this issue to cause a crash
or execute arbitrary code. This issue
Red Hat
php: OOB read due to insufficient input validation in imageloadfont()
vendor_redhat·2022-10-27·CVSS 6.5
CVE-2022-31630 [MEDIUM] CWE-20 php: OOB read due to insufficient input validation in imageloadfont()
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer will occur. This can lead to crashes or disclosure of confidential information.
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.
Package: php (Red Hat Enterprise Linux 6) - Not affected
Package: php (Red Hat Enterprise Linux 7)
Debian
CVE-2022-31630: php7.4 - In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() f...
vendor_debian·2022·CVSS 6.5
CVE-2022-31630 [MEDIUM] CVE-2022-31630: php7.4 - In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() f...
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer will occur. This can lead to crashes or disclosure of confidential information.
Scope: local
bullseye: resolved (fixed in 7.4.33-1+deb11u1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-14