DEBIAN-CVE-2022-31630
Advisory lineage Upstream: 1 Downstream: 1
Upstream
Downstream
Published: 14 Nov 2022, 07:15
Last modified:28 Apr 2026, 20:24
Vulnerability Summary
Overall Risk (default)
medium
28/100 CVSS Score
7.1 HIGH
3.1 (osv_debian)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
14 Nov 2022, 07:15
Published
Vulnerability first disclosed
28 Apr 2026, 20:24
Last Modified
Vulnerability information updated
Description
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVSS Metrics
- v3.1•HIGH•Score: 7.1CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Affected Systems
- debian•php7.4
< 7.4.33-1+deb11u1