In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: php

Published: 2022-11-14T06:53:06.774Z

Updated: 2024-08-03T07:26:01.044Z

Reserved: 2022-05-25T21:03:32.861Z

Link: CVE-2022-31630

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-11-14T07:15:09.467

Modified: 2024-04-02T03:15:07.973

Link: CVE-2022-31630

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-10-27T00:00:00Z

Links: CVE-2022-31630 - Bugzilla