php: OOB read due to insufficient input validation in imageloadfont()

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...

RHEL 9 : php (RHSA-2023:0965)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0965 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later...

Oracle Linux 9 : php (ELSA-2023-0965)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0965 advisory. 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

Oracle Linux 8 : php:8.0 (ELSA-2023-0848)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-0848 advisory. php 8.0.27-1 - rebase to 8.0.27 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessu...

Rocky Linux 8 : php:8.0 (RLSA-2023:0848)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:0848 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute...

php: OOB read due to insufficient input validation in imageloadfont()

An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...

ALSA-2023:0848 Moderate: php:8.0 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php 8.0. BZ2161666 Security Fixes: XKCP: buffer overflow in the SHA-3 reference implementation CVE-2022-37454 php: standard insecure cookie...

SUSE CVE-2008-3658

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted font file...

The vulnerability of the imageloadfont() function in the PHP programming language allows a malicious actor to gain unauthorized access to protected information or cause service failures.

The vulnerability of the imageloadfont function in the PHP programming language is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

Fedora 35 : php (2022-f2a5082860)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f2a5082860 advisory. PHP version 8.0.25 27 Oct 2022 GD: Fixed bug php81739: OOB read due to insufficient input validation in imageloadfont. CVE-2022-31630 cmb Hash: Fixe...

ROS-20221222-04

A vulnerability in the PHP programming language interpreter is related to boundary conditions in the function imageloadfont. Exploitation of the vulnerability could allow an attacker acting remotely to pass the specially crafted data to a web application, cause a read error outside of the boundar...

PHP 8.2.x < 8.2.0 Multiple Vulnerabilities

The version of PHP installed on the remote host is prior to 8.2.0. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.2.0 advisory. - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply ...

GLSA-202211-03 : PHP: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202211-03 PHP: Multiple Vulnerabilities - In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. CVE-2022-31628 - In PHP versions...

SUSE SLES15 Security Update : php8 (SUSE-SU-2022:4005-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4005-1 advisory. - In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a...

CLSA-2022-1668468696 php: Fix of 3 CVEs

CVE-2022-37454: Fix buffer overflow in the Keccak XKCP SHA-3 reference implementation - CVE-2022-31630: Fix OOB read due to insufficient input validation in imageloadfont - CVE-2021-21707: Fix improper handlig of special character which breaks path in xml parsing...

CLSA-2022-1668467919 php: Fix of 3 CVEs

CVE-2022-37454: Fix buffer overflow in the Keccak XKCP SHA-3 reference implementation - CVE-2022-31630: Fix OOB read due to insufficient input validation in imageloadfont - CVE-2021-21707: Fix improper handlig of special character which breaks path in xml parsing...

DEBIAN-CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

CVE-2022-31630

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...

Design/Logic Flaw

In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...