QID 355222

A vulnerability was found in php.
This issue occurs due to memory corruption in the finfo_buffer() function and a bad patch of the libmagic library.
This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash. (
( CVE-2022-31627) in php versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. (
( CVE-2022-31628) in php versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a or cookie by php applications. (
( CVE-2022-31629) in php versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used.
This can lead to crashes or disclosure of confidential information. (
( CVE-2022-31630) a flaw was found in php.
This issue occurs due to an uncaught integer overflow in pdo::quote() of pdo_sqlite returning an improperly quoted string.
With the implementation of sqlite3_snprintf(), it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place.

Successful exploitation of this vulnerability could lead to a securitybreach or could affect integrity, availability, and confidentiality.