DEBIAN-CVE-2022-31630

DEBIAN-CVE-2022-31630 PUBLISHED CVSS 7.1 HIGH

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is then used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.

Risk Scores

CVSS 3.1
7.1
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Affected Products

Vendor     Product  Versions
Debian:11  php7.4   0, 7.4.21-1, 7.4.25-1

Timeline

  • Nov 14, 2022 CVE Published
  • Apr 28, 2026 CVE Updated