Vulnerability DatabaseCVE-2022-31630

CVE-2022-31630:
PHP vulnerability analysis and mitigation

Overview

CVE-2022-31630 affects PHP versions prior to 7.4.33, 8.0.25, and 8.1.12. The vulnerability exists in the imageloadfont() function within the GD extension, where a specially crafted font file can trigger an out-of-bounds read vulnerability when used with the imagechar() function (CVE Mitre).

Technical details

The vulnerability was introduced by commit 88b603768f8e5074ad5cbdccc1e0779089fac9d0 in PHP 7.4.0-alpha2. The issue occurs due to insufficient input validation in the imageloadfont() function, which allows for a zero-byte memory allocation to gdFont.data. When this malformed font is subsequently used with imagechar(), it triggers an out-of-bounds read beyond the allocated buffer (PHP Bug).

Impact

The exploitation of this vulnerability can lead to crashes or disclosure of confidential information through out-of-bounds read operations. This is particularly concerning for applications that allow users to upload and process arbitrary font files (NVD).

Mitigation and workarounds

The vulnerability has been fixed in PHP versions 7.4.33, 8.0.25, and 8.1.12. Users should upgrade to these or later versions to mitigate the risk. The fix involves additional overflow checks to prevent the zero-byte memory allocation issue (PHP Bug).

Additional resources

Source: This report was generated using AI

7.1

Score

Published November 14, 2022

Severity HIGH

CNA Score 6.5

Affected Technologies

PHP
Rocky Linux

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 8.3

Exploitation Probability (EPSS) N/A

Affected packages and libraries

php:8.0::php-pear
php7-ctype

Sources

AlmaLinux Security Advisory
- AlmaLinux 8 Severity MEDIUMHas FixAdded at: Feb 22, 2023
- AlmaLinux 9 Severity MEDIUMHas FixAdded at: Feb 28, 2023
Alpine Security Tracker
- Alpine 3.14 Severity HIGHHas FixAdded at: Nov 04, 2022
- Alpine 3.15, 3.16 Severity HIGHHas FixAdded at: Oct 26, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 11 Severity HIGHHas FixAdded at: Oct 29, 2022
Gentoo Advisory Database
- Gentoo Severity MEDIUMHas FixAdded at: Nov 22, 2022
Homebrew
- Homebrew Severity HIGHHas FixAdded at: Feb 12, 2024
Red Hat Errata
- Red Hat 8 Severity MEDIUMHas FixAdded at: Nov 02, 2022
- Red Hat 9 Severity MEDIUMHas FixAdded at: Nov 02, 2022
Rocky Linux Product Errata
- Rocky 9 Severity MEDIUMHas FixAdded at: May 14, 2023
Ubuntu Security Tracker
- Ubuntu 20.04, 22.04, 22.10 Severity MEDIUMHas FixAdded at: Nov 10, 2022
- Ubuntu 23.04 Severity MEDIUMHas FixAdded at: May 14, 2023
NVD
- Linux Severity HIGHHas FixAdded at: Nov 16, 2022
- Windows Severity HIGHHas FixAdded at: Nov 06, 2022