CVE-2022-31630
OOB read due to insufficient input validation in imageloadfont()In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
We have discovered 479,641 live websites that are affected by CVE-2022-31630.
Affected Software
| Product |  PHP |
| Category | Programming Languages |
| Vulnerable Domains | 479,641 live websites (6.19% of PHP install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 68 versions ( 14% of all versions) |
Common Weakness Enumeration
CWE-131 Incorrect Calculation of Buffer SizeDetails
- Published - Nov 14, 2022
- Updated - Aug 3, 2024
Credits
- [email protected] (reporter)
- [email protected] (remediation developer)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-31630 United States | 190,118 websites |
 France | 133,928 websites |
 Russia | 14,678 websites |
 Germany | 14,581 websites |
 Japan | 9,267 websites |
 Canada | 9,083 websites |
 Poland | 8,528 websites |
 Netherlands | 8,459 websites |
 Brazil | 7,988 websites |
 Spain | 7,361 websites |
Website Distribution by TLD
Number of websites using CVE-2022-31630| .com | 239,921 websites |
| .fr | 55,605 websites |
| .org | 27,579 websites |
| .net | 14,687 websites |
| .ru | 11,994 websites |
| .de | 8,834 websites |
| .pl | 7,708 websites |
| .be | 6,951 websites |
| .com.br | 6,860 websites |
| .nl | 6,762 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-31630
Top websites that are affected by CVE-2022-31630. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *****.pl | Poland | *,*** | |
| ****.org |  GB | *,*** | |
| **********.org | United States | *,*** | |
| ******.com | France | *,*** | |
| **********.com | France | *,*** | |
| *******.pro | Russia | *,*** | |
| ***************.com |  Singapore | *,*** | |
| *********.de | Germany | *,*** | |
| ******.jp | Japan | *,*** | |
| ******.at |  Austria | *,*** |
FAQ
CVE-2022-31630 is Incorrect Calculation of Buffer Size in PHP
A total of 479,641 websites have been identified as vulnerable to CVE-2022-31630, based on global website indexing conducted by WebTechSurvey.
The PHP is affected by the CVE-2022-31630 vulnerability.
PHP versions up to 8.1.12 are vulnerable to CVE-2022-31630.
CVE-2022-31630 is resolved in version 8.1.12 of PHP.