{"id":"CVE-2022-31627","details":"In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.","aliases":["BIT-libphp-2022-31627","BIT-php-2022-31627","BIT-php-min-2022-31627"],"modified":"2026-03-14T11:47:03.537241Z","published":"2022-07-28T06:15:07.547Z","related":["openSUSE-SU-2024:12218-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-20"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220826-0008/"},{"type":"FIX","url":"https://bugs.php.net/bug.php?id=81723"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/php/php-src","events":[{"introduced":"381ba9f5d0edd0c9c8ec1dea7e21d513ad08b115"},{"fixed":"8d84e44e7bef81b5b5d896ba1459304e94ec9b10"}],"database_specific":{"versions":[{"introduced":"8.1.0"},{"fixed":"8.1.8"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31627.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}