exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 7

CVE-2025-14177

около 1 месяца назад

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-14177

около 1 месяца назад

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

CVSS3: 7.5

EPSS: Низкий

CVE-2025-14177

около 1 месяца назад

Information Leak of Memory in getimagesize

CVSS3: 3.7

EPSS: Низкий

CVE-2025-14177

около 1 месяца назад

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...

CVSS3: 7.5

EPSS: Низкий

GHSA-3237-qqm7-mfv7

около 2 месяцев назад

Information Leak of Memory in getimagesize

EPSS: Низкий

SUSE-SU-2026:0086-1

26 дней назад

Security update for php8

EPSS: Низкий

SUSE-SU-2026:0071-1

27 дней назад

Security update for php8

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.	CVSS3: 7.5	0% Низкий	около 1 месяца назад
CVE-2025-14177 Information Leak of Memory in getimagesize	CVSS3: 3.7	0% Низкий	около 1 месяца назад
CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...	CVSS3: 7.5	0% Низкий	около 1 месяца назад
GHSA-3237-qqm7-mfv7 Information Leak of Memory in getimagesize		0% Низкий	около 2 месяцев назад
SUSE-SU-2026:0086-1 Security update for php8			26 дней назад
SUSE-SU-2026:0071-1 Security update for php8			27 дней назад

Уязвимостей на страницу