漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
OOB read due to insufficient input validation in imageloadfont()
Vulnerability Description
In PHP versions prior to 7.4.33, 8.0.25 and 8.1.12, when using imageloadfont() function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar() function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Vulnerability Type
缓冲区大小计算不正确
Vulnerability Title
PHP 缓冲区错误漏洞
Vulnerability Description
PHP是一种在服务器端执行的脚本语言。 PHP 8.1.12之前版本存在安全漏洞,该漏洞源于攻击者可以通过imageloadfont强制读取无效内存地址,以触发拒绝服务或获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A