VYPR
Medium severity6.5NVD Advisory· Published Nov 14, 2022· Updated Jun 17, 2026

CVE-2022-31630

CVE-2022-31630

Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

82

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.