High severity7.7NVD Advisory· Published Jul 28, 2022· Updated Jun 17, 2026
CVE-2022-31627
CVE-2022-31627
Description
In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- osv-coords4 versionspkg:bitnami/libphppkg:bitnami/phppkg:bitnami/php-minpkg:rpm/opensuse/php8&distro=openSUSE%20Tumbleweed
>= 8.1.0, < 8.1.8+ 3 more
- (no CPE)range: >= 8.1.0, < 8.1.8
- (no CPE)range: >= 8.1.0, < 8.1.8
- (no CPE)range: >= 8.1.0, < 8.1.8
- (no CPE)range: < 8.1.8-1.1
Patches
Vulnerability mechanics
References
3- bugs.php.net/bug.phpnvdExploitIssue TrackingPatchThird Party Advisory
- security.gentoo.org/glsa/202209-20nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220826-0008/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.