72 matches found
CVE-2022-31630 OOB read due to insufficient input validation in imageloadfont()
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
CVE-2022-31630
CVE-2022-31630 is a PHP gd imageloadfont() vulnerability. Connected advisories confirm the issue occurs in PHP versions prior to 7.4.33 and specific 8.x series (e.g., 8.0.25, 8.1.12/8.2.12), where a specially crafted font file used with imagechar() can cause an out-of-bounds read, leading to cras...
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
Slackware Linux 15.0 / current php Multiple Vulnerabilities (SSA:2022-314-01)
The version of php installed on the remote host is prior to 7.4.33. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-314-01 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allo...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : PHP vulnerabilities (USN-5717-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5717-1 advisory. It was discovered that PHP incorrectly handled certain gzip files. An attacker could possibly use this issue to cause a denial of...
PHP 8.1.x < 8.1.12 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.33, 8.0.x prior to 8.0.25, or 8.1.x prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities: - An OOB read due to insufficient input validation in imageloadfont...
PHP 7.4.x < 7.4.33 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 7.4.x prior to 7.4.33, 8.0.x prior to 8.0.25, or 8.1.x prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities: - An OOB read due to insufficient input validation in imageloadfont...
PHP 7.4.x < 7.4.33 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 7.4.33. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 7.4.33 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
CVE-2022-31630
An out-of-bounds read flaw was found in PHP due to insufficient input validation in the imageloadfont function. This flaw allows a remote attacker to pass specially crafted data to the web application, trigger an out-of-bounds read error, and read the contents of memory on the system...
Slackware Linux 15.0 / current php80 Multiple Vulnerabilities (SSA:2022-304-02)
The version of php80 installed on the remote host is prior to 8.0.25 / 8.1.12. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-304-02 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflo...
CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
UBUNTU-CVE-2022-31630
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or...
PHP 8.1.x < 8.1.12 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.1.12. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.1.12 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
PHP 8.0.x < 8.0.25 Multiple Vulnerabilities
The version of PHP installed on the remote host is prior to 8.0.25. It is, therefore, affected by multiple vulnerabilities as referenced in the Version 8.0.25 advisory. - The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allow...
PHP 缓冲区错误漏洞
PHP is a scripting language that executes on the server side. A buffer error vulnerability exists in versions prior to PHP 8.1.12, which stems from the fact that an attacker can force an invalid memory address to be read via imageloadfont in order to trigger a denial of service or obtain sensitiv...
Arbitrary Code Execution
php8 is vulnerable to code executions. The vulnerability exists in imageloadfont function due to insufficient input validation which allows a remote attacker to execute arbitrary code via the Hardware Layer Code Box component on the /hardware page of the application...
PT-2022-5981 · Unknown +10 · Gd Extension +10
Name of the Vulnerable Software and Affected Versions: PHP versions prior to 7.4.33, 8.0.25 and 8.1.12 Description: The issue is related to the imageloadfont function in the gd extension, which can be exploited by providing a specially crafted font file. When the loaded font is used with the...
PHP 4.4.x<4.4.9, 5.2.x<5.2.6-r6 imageloadfont缓冲区溢出漏洞
No description provided by source...
CentOS 5 : php (CESA-2009:0338)
Updated php packages that fix several security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A...