CVE-2022-31627

critical

Description

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

References

Advisories
More

https://security.netapp.com/advisory/ntap-20220826-0008/

https://security.gentoo.org/glsa/202209-20

https://bugs.php.net/bug.php?id=81723

Details

Source: Mitre, NVD

Published: 2022-07-28

Updated: 2022-10-25

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H