CVE-2022-31630

MEDIUM

PHP <7.4.33, 8.0.25, 8.1.12 - Memory Corruption

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2022-31630. PoCs published by sepkascurty-cpu.

AI-analyzed exploit summary This repository contains a functional Proof of Concept (PoC) exploit for CVE-2022-31630, an Out-of-Bounds (OOB) Read vulnerability in PHP's GD extension. The exploit demonstrates the vulnerability by creating a malformed font file that triggers an OOB read when processed by the imageloadfont() function.

Description

In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.

Exploits (2)

nomisec WORKING POC 1 stars

by sepkascurty-cpu · poc

https://github.com/sepkascurty-cpu/php-exploit_cve-2022-31630

View Code ZIP pw:eip

This repository contains a functional Proof of Concept (PoC) exploit for CVE-2022-31630, an Out-of-Bounds (OOB) Read vulnerability in PHP's GD extension. The exploit demonstrates the vulnerability by creating a malformed font file that triggers an OOB read when processed by the imageloadfont() function.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: PHP GD extension (versions 7.4.x before 7.4.33, 8.0.x before 8.0.25, 8.1.x before 8.1.12)

No auth needed

Prerequisites: Docker · PHP with GD extension · vulnerable PHP version

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 15, 2026 Full analysis →

nomisec WRITEUP 1 stars

by sepkascurty-cpu · poc

https://github.com/sepkascurty-cpu/CVE-2022-31630---Proof-of-Concept-Exploit-untuk-PHP-7.4.33

View Code ZIP pw:eip

This repository provides a detailed technical analysis of CVE-2022-31630, an Out-of-Bounds (OOB) Read vulnerability in PHP's GD extension, specifically in the imageloadfont() function. It explains the root cause, affected versions, and the mechanism of exploitation but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: PHP 7.4.x before 7.4.33, 8.0.x before 8.0.25, 8.1.x before 8.1.12

No auth needed

Prerequisites: Control over a malicious GD font file loaded by the target PHP application

MITRE ATT&CK

T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed Mar 15, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking, Patch, Vendor Advisory

https://bugs.php.net/bug.php?id=81739

Scores

CVSS v3 6.5

EPSS 0.0220

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Details

CWE

CWE-190 CWE-125 CWE-131

Status published

Products (1)

php/php 7.4.0 - 7.4.33

Published Nov 14, 2022

Tracked Since Feb 18, 2026