In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
References
Link | Resource |
---|---|
https://bugs.php.net/bug.php?id=81739 | Exploit Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: php
Published: 2022-11-14T06:53:06.774Z
Updated: 2024-04-02T02:38:25.144Z
Reserved: 2022-05-25T21:03:32.861Z
Link: CVE-2022-31630
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-14T07:15:09.467
Modified: 2024-04-02T03:15:07.973
Link: CVE-2022-31630
JSON object: View
Redhat Information
No data.