CVE-2022-31630

HIGH Year: 2022
CVSS v3 Score
7.1
High
Weakness Type
CWE-131
View all →

Vulnerability Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Related Vulnerabilities

CVE-2017-0569

HIGH
CVSS:7.0(High)

An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High ...

CWE-1312017

CVE-2020-8450

HIGH
CVSS:7.3(High)

An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client can cause a buffer overflow in a Squid instance acting as a reverse proxy.

CWE-1312020

CVE-2023-1175

HIGH
CVSS:7.3(High)

Incorrect Calculation of Buffer Size in GitHub repository vim/vim prior to 9.0.1378.

CWE-1312023

CVE-2022-32617

MEDIUM
CVSS:6.8(Medium)

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the devic...

CWE-1312022

CVE-2022-32618

MEDIUM
CVSS:6.8(Medium)

In typec, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege, for an attacker who has physical access to the devic...

CWE-1312022

CVE-2020-6070

MEDIUM
CVSS:6.7(Medium)

An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations...

CWE-1312020