CVE-2022-31630

ADVISORY - nist

Summary

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is then used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.

EPSS Score: 0.00051 (0.156)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Out-of-bounds Read

Incorrect Calculation of Buffer Size

Integer Overflow or Wraparound

ADVISORY - redhat

Out-of-bounds Read

Improper Input Validation

