CVE-2022-31630
OOB read due to insufficient input validation in imageloadfont()
In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using the imageloadfont() function in the gd extension, it is possible to supply a specially crafted font file such that, if the loaded font is used with the imagechar() function, a read outside the allocated buffer occurs. This can lead to crashes or disclosure of confidential information.
We have discovered 1,076,326 live websites that are affected by CVE-2022-31630.
Affected Software
| | |
|---|---|
| Product | PHP |
| Category | Programming Languages |
| Vulnerable Versions | from 7.4 before 7.4.33; from 8 before 8.0.25; from 8.1 before 8.1.12 |
| Total Vulnerable Versions | 507 |
| Vulnerable Domains | 1,076,326 live websites (8.90% of PHP install base) |
Common Weakness Enumeration
CWE-131 Incorrect Calculation of Buffer Size
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2022-31630 and the relative popularity of websites.