Description
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Facebook Multiple Cross-Site Scripting Vulnerabilities (1.0.10)
WordPress Plugin Awesome Studio Cross-Site Scripting (1.0.7)
WordPress Plugin Upload File Type Settings Cross-Site Scripting (1.1)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-46816)
WordPress Plugin JS MultiHotel Multiple Vulnerabilities (2.2.1)