vulnerability
Ubuntu: USN-5717-1 (CVE-2022-31630): PHP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Nov 8, 2022 | Nov 9, 2022 | Aug 18, 2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published
Nov 8, 2022
Added
Nov 9, 2022
Modified
Aug 18, 2025
Description
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Solutions
ubuntu-upgrade-libapache2-mod-php7-4ubuntu-upgrade-libapache2-mod-php8-0ubuntu-upgrade-libapache2-mod-php8-1ubuntu-upgrade-php7-4ubuntu-upgrade-php7-4-cgiubuntu-upgrade-php7-4-cliubuntu-upgrade-php7-4-zipubuntu-upgrade-php8-1ubuntu-upgrade-php8-1-cgiubuntu-upgrade-php8-1-cliubuntu-upgrade-php8-1-zip
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.