vulnerability
Ubuntu: USN-5717-1 (CVE-2022-31630): PHP vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Nov 8, 2022 | Nov 9, 2022 | Mar 27, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published
Nov 8, 2022
Added
Nov 9, 2022
Modified
Mar 27, 2026
Description
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
Solutions
ubuntu-upgrade-libapache2-mod-php7-4ubuntu-upgrade-libapache2-mod-php8-0ubuntu-upgrade-libapache2-mod-php8-1ubuntu-upgrade-php7-4ubuntu-upgrade-php7-4-cgiubuntu-upgrade-php7-4-cliubuntu-upgrade-php7-4-zipubuntu-upgrade-php8-1ubuntu-upgrade-php8-1-cgiubuntu-upgrade-php8-1-cliubuntu-upgrade-php8-1-zip
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.