CVE-2022-31630
Published: 31 October 2022
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Notes
| Author | Note |
|---|---|
| sbeattie | PEAR issues should go against php-pear as of xenial |
| leosilva | introduced by 88b603768f8e5074ad5cbdccc1e0779089fac9d0 in php7.40.alpha2. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
php5 Launchpad, Ubuntu, Debian |
jammy |
Does not exist
|
| kinetic |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| trusty |
Not vulnerable
|
|
| bionic |
Does not exist
|
|
| focal |
Does not exist
|
|
|
php7.0 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
php7.2 Launchpad, Ubuntu, Debian |
focal |
Does not exist
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
| bionic |
Not vulnerable
|
|
|
php7.4 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Released
(7.4.3-4ubuntu2.15)
|
|
| jammy |
Does not exist
|
|
| kinetic |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
php8.1 Launchpad, Ubuntu, Debian |
bionic |
Does not exist
|
| focal |
Does not exist
|
|
| jammy |
Released
(8.1.2-1ubuntu2.8)
|
|
| kinetic |
Released
(8.1.7-1ubuntu3.1)
|
|
| lunar |
Released
(8.1.12-1ubuntu2)
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(8.1.12)
|
|
| xenial |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.1 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H |