{"api_version":"1","generated_at":"2026-04-23T02:37:48+00:00","cve":"CVE-2022-31630","urls":{"html":"https://cve.report/CVE-2022-31630","api":"https://cve.report/api/cve/CVE-2022-31630.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-31630","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-31630"},"summary":{"title":"CVE-2022-31630","description":"In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.","state":"PUBLIC","assigner":"security@php.net","published_at":"2022-11-14 07:15:00","updated_at":"2024-04-02 03:15:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://bugs.php.net/bug.php?id=81739","name":"https://bugs.php.net/bug.php?id=81739","refsource":"MISC","tags":[],"title":"PHP :: Sec Bug #81739 :: OOB read due to insufficient input validation in imageloadfont()","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-31630","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-31630","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"31630","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"php","cpe5":"php","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-31630","qid":"150595","title":"PHP Insufficient Input Validation Vulnerability (CVE-2022-31630)"},{"cve":"CVE-2022-31630","qid":"160478","title":"Oracle Enterprise Linux Security Update for php:8.0 (ELSA-2023-0848)"},{"cve":"CVE-2022-31630","qid":"160486","title":"Oracle Enterprise Linux Security Update for Hypertext Preprocessor (PHP) (ELSA-2023-0965)"},{"cve":"CVE-2022-31630","qid":"160592","title":"Oracle Enterprise Linux Security Update for 8.1 (ELSA-2023-2417)"},{"cve":"CVE-2022-31630","qid":"160672","title":"Oracle Enterprise Linux Security Update for php:7.4 (ELSA-2023-2903)"},{"cve":"CVE-2022-31630","qid":"181210","title":"Debian Security Update for php7.4 (DSA 5277-1)"},{"cve":"CVE-2022-31630","qid":"199021","title":"Ubuntu Security Notification for Hypertext Preprocessor (PHP) Vulnerabilities (USN-5717-1)"},{"cve":"CVE-2022-31630","qid":"241205","title":"Red Hat Update for php:8.0 (RHSA-2023:0848)"},{"cve":"CVE-2022-31630","qid":"241219","title":"Red Hat Update for Hypertext Preprocessor (PHP) (RHSA-2023:0965)"},{"cve":"CVE-2022-31630","qid":"241447","title":"Red Hat Update for php:8.1 (RHSA-2023:2417)"},{"cve":"CVE-2022-31630","qid":"241540","title":"Red Hat Update for php:7.4 (RHSA-2023:2903)"},{"cve":"CVE-2022-31630","qid":"283268","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f2a5082860)"},{"cve":"CVE-2022-31630","qid":"283279","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-1ecc10276e)"},{"cve":"CVE-2022-31630","qid":"283450","title":"Fedora Security Update for Hypertext Preprocessor (PHP) (FEDORA-2022-f204e1d0ed)"},{"cve":"CVE-2022-31630","qid":"296098","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 52.132.2 Missing (CPUOCT2022)"},{"cve":"CVE-2022-31630","qid":"354414","title":"Amazon Linux Security Advisory for php8.1 : ALAS2022-2022-243"},{"cve":"CVE-2022-31630","qid":"354548","title":"Amazon Linux Security Advisory for php8.1 : ALAS-2022-243"},{"cve":"CVE-2022-31630","qid":"355222","title":"Amazon Linux Security Advisory for php8.1 : ALAS2023-2023-081"},{"cve":"CVE-2022-31630","qid":"356067","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001"},{"cve":"CVE-2022-31630","qid":"356071","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.0-2023-004"},{"cve":"CVE-2022-31630","qid":"356079","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALASPHP8.1-2023-001"},{"cve":"CVE-2022-31630","qid":"356091","title":"Amazon Linux Security Advisory for Hypertext Preprocessor (PHP) : ALAS2PHP8.0-2023-004"},{"cve":"CVE-2022-31630","qid":"378747","title":"Alibaba Cloud Linux Security Update for php:7.4 (ALINUX3-SA-2023:0088)"},{"cve":"CVE-2022-31630","qid":"38880","title":"Hypertext Preprocessor (PHP) Multiple Security Vulnerabilities (81738, 81739)"},{"cve":"CVE-2022-31630","qid":"502574","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2022-31630","qid":"502576","title":"Alpine Linux Security Update for php8"},{"cve":"CVE-2022-31630","qid":"502577","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2022-31630","qid":"502593","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2022-31630","qid":"503213","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2022-31630","qid":"503679","title":"Alpine Linux Security Update for php7"},{"cve":"CVE-2022-31630","qid":"505229","title":"Alpine Linux Security Update for php81"},{"cve":"CVE-2022-31630","qid":"506153","title":"Alpine Linux Security Update for php82"},{"cve":"CVE-2022-31630","qid":"672601","title":"EulerOS Security Update for Hypertext Preprocessor (PHP) (EulerOS-SA-2023-1332)"},{"cve":"CVE-2022-31630","qid":"710684","title":"Gentoo Linux Hypertext Preprocessor (PHP) Multiple Vulnerabilities (GLSA 202211-03)"},{"cve":"CVE-2022-31630","qid":"752863","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:3997-1)"},{"cve":"CVE-2022-31630","qid":"752898","title":"SUSE Enterprise Linux Security Update for php7 (SUSE-SU-2022:4069-1)"},{"cve":"CVE-2022-31630","qid":"752901","title":"SUSE Enterprise Linux Security Update for php74 (SUSE-SU-2022:4068-1)"},{"cve":"CVE-2022-31630","qid":"752927","title":"SUSE Enterprise Linux Security Update for php8 (SUSE-SU-2022:4005-1)"},{"cve":"CVE-2022-31630","qid":"940930","title":"AlmaLinux Security Update for php:8.0 (ALSA-2023:0848)"},{"cve":"CVE-2022-31630","qid":"940947","title":"AlmaLinux Security Update for Hypertext Preprocessor (PHP) (ALSA-2023:0965)"},{"cve":"CVE-2022-31630","qid":"941025","title":"AlmaLinux Security Update for php:8.1 (ALSA-2023:2417)"},{"cve":"CVE-2022-31630","qid":"941091","title":"AlmaLinux Security Update for php:7.4 (ALSA-2023:2903)"},{"cve":"CVE-2022-31630","qid":"960657","title":"Rocky Linux Security Update for php:8.0 (RLSA-2023:0848)"},{"cve":"CVE-2022-31630","qid":"960904","title":"Rocky Linux Security Update for Hypertext Preprocessor (PHP) (RLSA-2023:0965)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-31630","ASSIGNER":"security@php.net","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-131 Incorrect Calculation of Buffer Size","cweId":"CWE-131"}]},{"description":[{"lang":"eng","value":"CWE-190 Integer Overflow or Wraparound","cweId":"CWE-190"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"PHP Group","product":{"product_data":[{"product_name":"PHP","version":{"version_data":[{"version_value":"7.4.x","version_affected":"="},{"version_value":"8.0.x","version_affected":"="},{"version_value":"8.1.x","version_affected":"="}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugs.php.net/bug.php?id=81739","refsource":"MISC","name":"https://bugs.php.net/bug.php?id=81739"}]},"generator":{"engine":"Vulnogram 0.1.0-dev"},"source":{"defect":["https://bugs.php.net/bug.php?id=81739"],"discovery":"INTERNAL"},"configuration":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"gd extension"}],"value":"gd extension"}],"credits":[{"lang":"en","value":"cmb@php.net"},{"lang":"en","value":"cmb@php.net"}],"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2022-11-14 07:15:00","lastModifiedDate":"2024-04-02 03:15:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.12","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.33","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}