Количество 23
Количество 23
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14177
Information Leak of Memory in getimagesize
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...
GHSA-3237-qqm7-mfv7
Information Leak of Memory in getimagesize
BDU:2026-02748
Уязвимость функции php_read_stream_all_chunks языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным
ROS-20260514-73-0001
Уязвимость php
RLSA-2026:2799
Moderate: php security update
ELSA-2026-2799
ELSA-2026-2799: php security update (MODERATE)
openSUSE-SU-2026:20113-1
Security update for php8
SUSE-SU-2026:0086-1
Security update for php8
SUSE-SU-2026:0071-1
Security update for php8
RLSA-2026:1628
Important: php security update
RLSA-2026:1429
Important: php:8.3 security update
ELSA-2026-1628
ELSA-2026-1628: php security update (IMPORTANT)
ELSA-2026-1429
ELSA-2026-1429: php:8.3 security update (IMPORTANT)
RLSA-2026:1412
Important: php:8.2 security update
RLSA-2026:1409
Important: php:8.2 security update
ELSA-2026-1412
ELSA-2026-1412: php:8.2 security update (IMPORTANT)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. | CVSS3: 3.7 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
 | CVE-2025-14177 Information Leak of Memory in getimagesize | CVSS3: 3.7 | 0% Низкий | 6 месяцев назад |
| CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ... | CVSS3: 7.5 | 0% Низкий | 6 месяцев назад |
| GHSA-3237-qqm7-mfv7 Information Leak of Memory in getimagesize | 0% Низкий | 6 месяцев назад | |
 | BDU:2026-02748 Уязвимость функции php_read_stream_all_chunks языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным | CVSS3: 3.7 | 0% Низкий | 7 месяцев назад |
 | ROS-20260514-73-0001 Уязвимость php | CVSS3: 3.7 | 0% Низкий | около 1 месяца назад |
 | RLSA-2026:2799 Moderate: php security update | 4 месяца назад | ||
| ELSA-2026-2799 ELSA-2026-2799: php security update (MODERATE) | 4 месяца назад | ||
 | openSUSE-SU-2026:20113-1 Security update for php8 | 5 месяцев назад | ||
| SUSE-SU-2026:0086-1 Security update for php8 | 5 месяцев назад | ||
| SUSE-SU-2026:0071-1 Security update for php8 | 5 месяцев назад | ||
| RLSA-2026:1628 Important: php security update | 5 месяцев назад | ||
| RLSA-2026:1429 Important: php:8.3 security update | 5 месяцев назад | ||
| ELSA-2026-1628 ELSA-2026-1628: php security update (IMPORTANT) | 5 месяцев назад | ||
| ELSA-2026-1429 ELSA-2026-1429: php:8.3 security update (IMPORTANT) | 5 месяцев назад | ||
| RLSA-2026:1412 Important: php:8.2 security update | 5 месяцев назад | ||
| RLSA-2026:1409 Important: php:8.2 security update | 5 месяцев назад | ||
| ELSA-2026-1412 ELSA-2026-1412: php:8.2 security update (IMPORTANT) | 5 месяцев назад |
Уязвимостей на страницу