CVE-2022-31630: In PHP before 7.4.33, 8.0.25 and 8.1.12, the gd extension's imageloadfont() could be given a crafted font file that made it read outside the buffer allocated for the font. (The fix shipped in the 8.1 branch as 8.1.12; PHP 8.2 was not yet released when this CVE was published, so "8.2.12" in some copies of the advisory text is a typo.)
The bug is in imageloadfont() in ext/gd/gd.c. The function reads a binary font file whose header describes the glyph data that follows, and it did not validate those header fields strictly enough before sizing and reading the font body, so a specially crafted file could make the reader access memory outside the buffer allocated for the font. The result is an out-of-bounds read that can corrupt memory or crash the PHP process, and it is reachable wherever an application passes untrusted data to imageloadfont(). The issue was fixed in PHP 7.4.33, 8.0.25 and 8.1.12.
References:
- https://www.cisco.com/c/en/us/products/security/endpoint-protection-software/version-history.html
- https://bugs.php.net/bug.php?id=69659
Vulnerable Vendors
Vendor: PHP (gd extension, ext/gd/gd.c)
Versions Affected: PHP 7.4 before 7.4.33, PHP 8.0 before 8.0.25, PHP 8.1 before 8.1.12
Severity Rating: Medium
Status: Fixed
CVE-2022-31630
Vulnerability Discovery and Discussion
A crafted font file passed to imageloadfont() in ext/gd/gd.c causes an out-of-bounds read of the font buffer in PHP before 7.4.33, 8.0.25 and 8.1.12. Nothing beyond the application loading an attacker-supplied file with imageloadfont() is required, so any feature that lets users upload or select font files exposes the flaw; the fix is to upgrade, and until then to refuse font files that do not come from a trusted, read-only location.
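The check this class of bug calls for, shown as an added example that is neither PHP's own code nor the upstream fix: a parser for the imageloadfont() binary font format (four native-endian ints giving nchars, the first character code, width and height, followed by exactly nchars * width * height bytes of one-byte-per-pixel glyph data, as the PHP manual describes it) that validates every header field against the bytes actually present before any glyph is dereferenced. The function names, the return codes and the two-glyph sample font are constructed for this example and are assumptions, not anything from the PHP sources.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Header: nchars, first char code, width, height as native int32 (16 bytes). */
#define GDFONT_HDR_LEN (4 * sizeof(int32_t))

typedef struct {
    int32_t nchars;        /* number of glyphs in the file */
    int32_t offset;        /* character code of the first glyph */
    int32_t w, h;          /* glyph width and height in pixels */
    const uint8_t *glyphs; /* points into the caller's buffer, after the header */
    size_t body_len;       /* nchars * w * h, validated against the file length */
} gdfont_view;

/* Returns 0 on success, a negative code on rejection. Never reads past buf+len. */
int gdfont_parse(const uint8_t *buf, size_t len, gdfont_view *out)
{
    int32_t hdr[4];
    if (buf == NULL || out == NULL || len < GDFONT_HDR_LEN) return -1;
    memcpy(hdr, buf, GDFONT_HDR_LEN);              /* native byte order, like the format */
    out->nchars = hdr[0]; out->offset = hdr[1]; out->w = hdr[2]; out->h = hdr[3];

    /* Zero or negative dimensions would make a signed size computation wrap
       or look plausible; reject them before doing any arithmetic. */
    if (out->nchars <= 0 || out->w <= 0 || out->h <= 0) return -2;
    /* Glyphs are addressed by an 8-bit character code, so offset..offset+nchars-1
       must fit in 0..255. */
    if (out->offset < 0 || out->nchars > 256 || out->offset > 256 - out->nchars) return -3;

    size_t avail = len - GDFONT_HDR_LEN;
    uint64_t per_glyph = (uint64_t)out->w * (uint64_t)out->h;  /* < 2^62, cannot wrap */
    /* Compare against the bytes present instead of forming the full product,
       so an oversized header cannot overflow the body size. */
    if (per_glyph > (uint64_t)avail / (uint64_t)out->nchars) return -4;
    size_t body = (size_t)(per_glyph * (uint64_t)out->nchars);
    if (body != avail) return -5;                  /* the format has no trailing data */

    out->glyphs = buf + GDFONT_HDR_LEN;
    out->body_len = body;
    return 0;
}

/* Bounds-checked glyph lookup: NULL for any code the font does not cover. */
const uint8_t *gdfont_glyph(const gdfont_view *f, int c)
{
    if (c < f->offset || c >= f->offset + f->nchars) return NULL;
    return f->glyphs + (size_t)(c - f->offset) * (size_t)f->w * (size_t)f->h;
}

/* Builds a font file in memory (constructed test data, not a real font). */
size_t gdfont_build(uint8_t *dst, size_t cap, int32_t nchars, int32_t offset,
                    int32_t w, int32_t h, const uint8_t *body, size_t body_len)
{
    int32_t hdr[4] = { nchars, offset, w, h };
    if (cap < GDFONT_HDR_LEN + body_len) return 0;
    memcpy(dst, hdr, GDFONT_HDR_LEN);
    if (body_len) memcpy(dst + GDFONT_HDR_LEN, body, body_len);
    return GDFONT_HDR_LEN + body_len;
}

/* Accepts a well-formed two-glyph 3x2 font for 'A' and 'B', then rejects a
   truncated body, dimensions whose product wraps 32-bit arithmetic, and a
   negative width. Returns 1 when every case behaves as expected. */
int gdfont_selftest(void)
{
    static const uint8_t body[12] = { 1,0,1, 0,1,0,   1,1,1, 1,0,1 };
    uint8_t file[64];
    gdfont_view f;
    size_t n = gdfont_build(file, sizeof file, 2, 'A', 3, 2, body, sizeof body);
    if (gdfont_parse(file, n, &f) != 0) return 0;
    if (gdfont_glyph(&f, 'B') != f.glyphs + 6 || gdfont_glyph(&f, 'C') != NULL) return 0;
    if (gdfont_parse(file, n - 1, &f) != -4) return 0;               /* body too short */
    n = gdfont_build(file, sizeof file, 2, 'A', INT32_MAX, INT32_MAX, body, sizeof body);
    if (gdfont_parse(file, n, &f) != -4) return 0;                   /* w*h*nchars would wrap */
    n = gdfont_build(file, sizeof file, 2, 'A', -3, 2, body, sizeof body);
    if (gdfont_parse(file, n, &f) != -2) return 0;                   /* negative width */
    return 1;
}
```

The two decisions that matter are made before any multiplication: dimensions are forced positive, and the per-glyph size is compared against the bytes that actually exist rather than against a computed total that a hostile header could wrap. gdfont_glyph() then refuses any character code outside the declared range, which is the read-side counterpart of the same bound.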
Timeline
Published on: 11/14/2022 07:15:00 UTC
Last modified on: 11/28/2022 17:33:00 UTC