Количество 27
Количество 27
openSUSE-SU-2026:20113-1
Security update for php8
SUSE-SU-2026:0086-1
Security update for php8
SUSE-SU-2026:0071-1
Security update for php8
RLSA-2026:1429
Important: php:8.3 security update
ELSA-2026-1628
ELSA-2026-1628: php security update (IMPORTANT)
ELSA-2026-1429
ELSA-2026-1429: php:8.3 security update (IMPORTANT)
RLSA-2026:1412
Important: php:8.2 security update
RLSA-2026:1409
Important: php:8.2 security update
ELSA-2026-1412
ELSA-2026-1412: php:8.2 security update (IMPORTANT)
ELSA-2026-1409
ELSA-2026-1409: php:8.2 security update (IMPORTANT)
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14177
Information Leak of Memory in getimagesize
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...
GHSA-3237-qqm7-mfv7
Information Leak of Memory in getimagesize
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
CVE-2025-14180
NULL Pointer Dereference in PDO quoting
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | openSUSE-SU-2026:20113-1 Security update for php8 | 9 дней назад | ||
| SUSE-SU-2026:0086-1 Security update for php8 | 26 дней назад | ||
| SUSE-SU-2026:0071-1 Security update for php8 | 27 дней назад | ||
 | RLSA-2026:1429 Important: php:8.3 security update | 7 дней назад | ||
| ELSA-2026-1628 ELSA-2026-1628: php security update (IMPORTANT) | 3 дня назад | ||
| ELSA-2026-1429 ELSA-2026-1429: php:8.3 security update (IMPORTANT) | 7 дней назад | ||
| RLSA-2026:1412 Important: php:8.2 security update | 7 дней назад | ||
| RLSA-2026:1409 Important: php:8.2 security update | 7 дней назад | ||
| ELSA-2026-1412 ELSA-2026-1412: php:8.2 security update (IMPORTANT) | 7 дней назад | ||
| ELSA-2026-1409 ELSA-2026-1409: php:8.2 security update (IMPORTANT) | 6 дней назад | ||
 | CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
 | CVE-2025-14177 Information Leak of Memory in getimagesize | CVSS3: 3.7 | 0% Низкий | около 1 месяца назад |
| CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ... | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| GHSA-3237-qqm7-mfv7 Information Leak of Memory in getimagesize | 0% Низкий | около 2 месяцев назад | |
| CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server. | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-14180 NULL Pointer Dereference in PDO quoting | CVSS3: 5.9 | 0% Низкий | около 1 месяца назад |
| CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ... | CVSS3: 7.5 | 0% Низкий | около 1 месяца назад |
| CVE-2025-14178 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server. | CVSS3: 6.5 | 0% Низкий | около 1 месяца назад |
Уязвимостей на страницу