Buffer Overflow Vulnerability in imageloadfont() Function in PHP's GD Extension

Buffer Overflow Vulnerability in imageloadfont() Function in PHP's GD Extension

CVE-2022-31630 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 

Learn more about our Web Application Penetration Testing UK.