CVE-2022-31630

Advisory lineage Upstream: 0 Downstream: 13
Modified
Published: 14 Nov 2022, 06:53
Last modified:03 Aug 2024, 07:26

Vulnerability Summary

Overall Risk (default)
medium
38/100
CVSS Score
7.1 HIGH
v3.1 (nvd)
EPSS Score
0.05% LOW
0% probability -0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

14 Nov 2022, 06:53
Published
Vulnerability first disclosed
03 Aug 2024, 07:26
Last Modified
Vulnerability information updated

Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
  • v3.1HIGHScore: 7.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

EPSS Trends

Current EPSS score: 0.05% Percentile: 15%

Techniques & Countermeasures

  • CWE-131Incorrect Calculation of Buffer Size

    The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

  • CWE-190Integer Overflow or Wraparound

    The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

  • CWE-125Out-of-bounds Read

    The product reads data past the end, or before the beginning, of the intended buffer.

Affected Systems

  • UnknownPHP

    ≥ 7.4.x, < 7.4.33 | ≥ 8.0.x, < 8.0.25 | ≥ 8.1.x, < 8.1.12

  • UnknownPHP

    ≥ 7.4.0, < 7.4.33 | ≥ 8.0.0, < 8.0.25 | ≥ 8.1.0, < 8.1.12

References (1)