16 matches found
RLSA-2026:1429 Important: php:8.3 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: heap-based buffer overflow in arraymerge CVE-2025-14178 php: PHP: Information disclosure via getimagesize function when reading multi-chunk images CVE-2025-14177 php: PHP: Denial of Service...
Security update for php8 (moderate)
openSUSE security update: security update for php8 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20113-1 Rating: moderate References: bsc1255043 bsc1255710 bsc1255711 bsc1255712 Cross-References: CVE-2025-14177 CVE-2025-14178 CVE-2025-14180 CVSS...
Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-6491 php: PHP Hostname Nul...
SUSE-SU-2026:20146-1 Security update for php8
This update for php8 fixes the following issues: Version update to 8.4.16: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in...
Security update for php8
This update for php8 fixes the following issues: Security fixes: CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element cou...
OESA-2026-1025 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
OESA-2026-1024 php security update
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...
openSUSE 15: apache2-mod_php8 / php8 / php8-bcmath / php8-bz2 / php8-calendar / etc (SUSE-SU-2026:0071-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0071-1 advisory. Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk...
SUSE-SU-2026:0071-1 Security update for php8
This update for php8 fixes the following issues: Security fixes: - CVE-2025-14177: getimagesize function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode bsc1255710. - CVE-2025-14178: heap buffer overflow occurs in arraymerge when the total element...
BIT-PHP-MIN-2025-14177 Information Leak of Memory in getimagesize
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
PHP 8.3.x < 8.3.29 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...
PHP 8.1.x < 8.1.34 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP installed on the remote host is 8.2.x prior to 8.2.30, 8.3.x prior to 8.3.29, 8.4.x prior to 8.4.16, or 8.5.x prior to 8.5.1. It is, therefore, affected by multiple vulnerabilities: - Information leak of memory in getimagesize...
AZL-73195 CVE-2025-14177 affecting package php for versions less than 8.3.29-1
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
CVE-2025-14177
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
UBUNTU-CVE-2025-14177
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...
EUVD-2025-205484
In PHP versions:8.1. before 8.1.34, 8.2. before 8.2.30, 8.3. before 8.3.29, 8.4. before 8.4.16, 8.5. before 8.5.1, the getimagesize function may leak uninitialized heap memory into the APPn segments e.g., APP1 when reading images in multi-chunk mode such as via php://filter. This occurs due to a...