Description
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
Remediation
References
Related Vulnerabilities
WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)
WordPress Plugin WordPress File Upload Arbitrary File Upload (3.8.5)
WordPress Plugin OAuth Single Sign On-SSO (OAuth Client) Cross-Site Scripting (6.20.2)
WordPress Plugin Shibboleth Cross-Site Scripting (1.7)
PHP Resource Management Errors Vulnerability (CVE-2012-0781)