A vulnerability was found in php. This issue occurs due to memory corruption in the finfo_buffer function and a bad patch of the libmagic library. This flaw allows an attacker or malicious actor to execute a heap buffer overflow successfully, causing a memory crash. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress quines gzip files, resulting in an infinite loop. In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a or cookie by PHP applications. In PHP versions prior to 7.4.33, 8.0.25 and 8.2.12, when using imageloadfont function in gd extension, it is possible to supply a specially crafted font file, such as if the loaded font is used with imagechar function, the read outside allocated buffer will be used. This can lead to crashes or disclosure of confidential information. A flaw was found in PHP. This issue occurs due to an uncaught integer overflow in PDO::quote of PDO_SQLite returning an improperly quoted string. With the implementation of sqlite3_snprintf, it is possible to force the function to return a single apostrophe if the function is called on user-supplied input without any length restrictions in place. The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface