CVE-2022-31630

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2022-31630
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2022-11-14 07:15:00 UTC
Updated2024-04-02 03:15:00 UTC
DescriptionIn PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Risk And Classification

Problem Types: CWE-125

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Application Php Php All All All All

References

ReferenceSourceLinkTags
PHP :: Sec Bug #81739 :: OOB read due to insufficient input validation in imageloadfont() MISC bugs.php.net
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 150595 PHP Insufficient Input Validation Vulnerability (CVE-2022-31630)
  • 160478 Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-0848)
  • 160486 Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-0965)
  • 160592 Oracle Enterprise Linux Security Update for 8.1 (ELSA-2023-2417)
  • 160672 Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2023-2903)
  • 181210 Debian Security Update for php7.4 (DSA 5277-1)
  • 199021 Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5717-1)
  • 241205 Red Hat Update for php:8.0 (RHSA-2023:0848)
  • 241219 Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:0965)
  • 241447 Red Hat Update for php:8.1 (RHSA-2023:2417)
  • 241540 Red Hat Update for php:7.4 (RHSA-2023:2903)
  • 283268 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f2a5082860)
  • 283279 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-1ecc10276e)
  • 283450 Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f204e1d0ed)
  • 296098 Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)
  • 354414 Amazon Linux Security Advisory for php8.1 : ALAS2022-2022-243
  • 354548 Amazon Linux Security Advisory for php8.1 : ALAS-2022-243
  • 355222 Amazon Linux Security Advisory for php8.1 : ALAS2023-2023-081
  • 356067 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001
  • 356071 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-004
  • 356079 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001
  • 356091 Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2PHP8.0-2023-004
  • 378747 Alibaba Cloud Linux Security Update for php:7.4 (ALINUX3-SA-2023:0088)
  • 38880 Hypertext Preprocessor (PHP) Multiple Security Vulnerabilities (81738, 81739)
  • 502574 Alpine Linux Security Update for php8
  • 502576 Alpine Linux Security Update for php8
  • 502577 Alpine Linux Security Update for php81
  • 502593 Alpine Linux Security Update for php7
  • 503213 Alpine Linux Security Update for php82
  • 503679 Alpine Linux Security Update for php7
  • 505229 Alpine Linux Security Update for php81
  • 506153 Alpine Linux Security Update for php82
  • 672601 EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-1332)
  • 710684 Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202211-03)
  • 752863 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:3997-1)
  • 752898 SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)
  • 752901 SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)
  • 752927 SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:4005-1)
  • 940930 AlmaLinux Security Update for php:8.0 (ALSA-2023:0848)
  • 940947 AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:0965)
  • 941025 AlmaLinux Security Update for php:8.1 (ALSA-2023:2417)
  • 941091 AlmaLinux Security Update for php:7.4 (ALSA-2023:2903)
  • 960657 Rocky Linux Security Update for php:8.0 (RLSA-2023:0848)
  • 960904 Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:0965)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report