CVE-2022-31630 php: OOB read due to insufficient input validation in imageloadfont()
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont() function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system.
If you use the GD extension, and specifically its imageloadfont() function, you should upgrade to a patched version of PHP immediately.
Please note that this issue was introduced in PHP 7.4; versions prior to that do not have the vulnerability.
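Where font files can come from outside the application, the file header can also be checked against the file size before imageloadfont() is called, as defense in depth alongside the upgrade. The following is an added example, not Zend's or PHP's own code; it assumes the font file layout documented in the PHP manual for imageloadfont(), and the function names and size limits are choices made for this example.

```php
<?php
declare(strict_types=1);

// GD bitmap font layout per the PHP manual for imageloadfont():
// four 32-bit ints (nchars, first-char offset, width, height), then
// nchars * width * height bytes of pixel data. Byte order is
// architecture dependent, so both orders are tried.
const GD_FONT_HEADER_LEN = 16;
const GD_FONT_MAX_DIM    = 256;      // policy limit chosen for this example
const GD_FONT_MAX_BYTES  = 1 << 20;  // policy limit chosen for this example

function gd_font_file_is_consistent(string $path): bool
{
    $size = @filesize($path);
    if ($size === false || $size < GD_FONT_HEADER_LEN || $size > GD_FONT_MAX_BYTES) {
        return false;
    }
    $header = @file_get_contents($path, false, null, 0, GD_FONT_HEADER_LEN);
    if ($header === false || strlen($header) !== GD_FONT_HEADER_LEN) {
        return false;
    }
    foreach (['V4', 'N4'] as $format) {          // little-endian, then big-endian
        [$nchars, $offset, $width, $height] = array_values(unpack($format, $header));
        // Reject zero, negative (32-bit builds) and oversized fields before multiplying.
        if ($nchars < 1 || $nchars > 256 || $offset < 0 || $offset > 255
            || $width < 1 || $width > GD_FONT_MAX_DIM
            || $height < 1 || $height > GD_FONT_MAX_DIM) {
            continue;
        }
        // The declared glyph data must account for every byte after the header.
        if (GD_FONT_HEADER_LEN + $nchars * $width * $height === $size) {
            return true;
        }
    }
    return false;
}

function load_gd_font_checked(string $path)
{
    if (!gd_font_file_is_consistent($path)) {
        throw new InvalidArgumentException('GD font rejected: header does not match file size');
    }
    return imageloadfont($path); // GdFont (int before PHP 8.1) or false
}
```

Run the check on the stored server-side copy that imageloadfont() will actually read, in a location the uploader cannot modify afterwards.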