CVE-2022-31627

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-31627
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31627.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31627
Aliases
Downstream
Related
Published
2022-07-28T06:15:07.547Z
Modified
2026-03-14T11:47:03.537241Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

References

Affected packages

Git / github.com/php/php-src

Affected ranges

Type
GIT
Repo
https://github.com/php/php-src
Events
Introduced
381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115
Fixed
8d84e44e7bef81b5b5d896ba1459304e94ec9b10
Database specific 
{
    "versions": [
        {
            "introduced": "8.1.0"
        },
        {
            "fixed": "8.1.8"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31627.json"