{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-08T08:21:13.735","vulnerabilities":[{"cve":{"id":"CVE-2022-31630","sourceIdentifier":"security@php.net","published":"2022-11-14T07:15:09.467","lastModified":"2024-11-21T07:04:53.693","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. "},{"lang":"es","value":"En versiones de PHP anteriores a 7.4.33, 8.0.25 y 8.2.12, cuando se usa la función imageloadfont() en la extensión gd, es posible proporcionar un archivo de fuente especialmente manipulado, como si la fuente cargada se usa con imagechar() función, se utilizará la lectura fuera del búfer asignado. Esto puede provocar fallos o divulgación de información confidencial."}],"metrics":{"cvssMetricV31":[{"source":"security@php.net","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"security@php.net","type":"Secondary","description":[{"lang":"en","value":"CWE-131"},{"lang":"en","value":"CWE-190"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"7.4.0","versionEndExcluding":"7.4.33","matchCriteriaId":"53B99259-5C66-4AEF-B500-1F775B6CCA06"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.0.25","matchCriteriaId":"795EC7FC-4A42-4D2B-A900-02CA7770E515"},{"vulnerable":true,"criteria":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","versionStartIncluding":"8.1.0","versionEndExcluding":"8.1.12","matchCriteriaId":"0BFF2544-41D1-41F6-A116-F7069789A585"}]}]}],"references":[{"url":"https://bugs.php.net/bug.php?id=81739","source":"security@php.net","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]},{"url":"https://bugs.php.net/bug.php?id=81739","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Patch","Vendor Advisory"]}]}}]}