PHP released a security update to address a vulnerability in PHP 8.1.7. In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third-party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.

For a complete description of the vulnerabilities and affected systems: 

• Ubuntu.com/security/notices/USN-5530-1

• Red Hat Fedora 36

• PHP Change Log

IT Security

Read more about IT Security service offerings.