CVE-2022-31627

CRITICAL9.8EPSS 0.31%

Heap buffer overflow in finfo_buffer

Published: 8/11/2025Modified: 8/11/2025

Description

In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

Affected packages (3)

Bitnami/libphp>= 8.1.0, < 8.1.8
Bitnami/php>= 8.1.0, < 8.1.8
Bitnami/php-min>= 8.1.0, < 8.1.8

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

WEBhttps://bugs.php.net/bug.php?id=81723
WEBhttps://nvd.nist.gov/vuln/detail/CVE-2022-31627
WEBhttps://security.gentoo.org/glsa/202209-20
WEBhttps://security.netapp.com/advisory/ntap-20220826-0008/