In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: php
Published: 2022-11-14T06:53:06.774Z
Updated: 2024-08-03T07:26:01.044Z
Reserved: 2022-05-25T21:03:32.861Z
Link: CVE-2022-31630
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-11-14T07:15:09.467
Modified: 2024-11-21T07:04:53.693
Link: CVE-2022-31630
Redhat