Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

PHP Out-of-bounds Read Vulnerability (CVE-2022-31630)

Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Remediation

References

Related Vulnerabilities

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.17)

WordPress Plugin GorillaForms-Custom Contact Forms Unspecified Vulnerability (2.0.3)

WordPress Plugin WP-RESTful Multiple Cross-Site Scripting Vulnerabilities (0.1)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-5114)

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Cross-Site Request Forgery (4.4.2)

Severity

High

Classification

CVE-2022-31630 CWE-125 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Tags

Missing Update Known Vulnerabilities