sepkascurty-cpu

2 exploits Active since Nov 2022
CVE-2022-31630 NOMISEC MEDIUM WRITEUP
PHP <7.4.33, 8.0.25, 8.1.12 - Memory Corruption
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 
1 stars
CVSS 6.5
CVE-2022-31630 NOMISEC MEDIUM WORKING POC
PHP <7.4.33, 8.0.25, 8.1.12 - Memory Corruption
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. 
1 stars
CVSS 6.5