CVE-2022-31630 | Zend by Perforce

CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont()

Publication Date	2022-10-27
Severity	Moderate
Type	Information Disclosure
Affected PHP Versions	7.4.0 - 7.4.32 8.0.0 - 8.0.24 8.1.0 - 8.1.11
Fixed Product Versions	ZendPHP 7.4 ZendPHP 8.0 ZendPHP 8.1 ZendServer 2021.3.0

CVE Details

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.

Recommendations

If you use the GD extension, and specifically its imageloadfont() function, you should upgrade to a patched version of PHP immediately.

Please note that this issue was only introduced in PHP 7.4; versions prior to that do not have the vulnerability.

< View all CVEs