7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using
imageloadfont() function in gd extension, it is possible to supply a
specially crafted font file, such as if the loaded font is used with
imagechar() function, the read outside allocated buffer will be used. This
can lead to crashes or disclosure of confidential information.
Author | Note |
---|---|
sbeattie | PEAR issues should go against php-pear as of xenial |
leosilva | introduced by 88b603768f8e5074ad5cbdccc1e0779089fac9d0 in php7.40.alpha2. |
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
8.5 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
34.3%