Unrated severityNVD Advisory· Published Jul 28, 2022· Updated Sep 16, 2024

Heap buffer overflow in finfo_buffer

CVE-2022-31627

Description

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

Affected products

Php Group/PHPv5
Range: 8.1.X

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.gentoo.org/glsa/202209-20mitrevendor-advisoryx_refsource_GENTOO
bugs.php.net/bug.phpmitrex_refsource_MISC
security.netapp.com/advisory/ntap-20220826-0008/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000