
Description

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, and 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving the tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
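The flaw described above, as an added C model that is not php-src code: a chunked read loop that never advances its write pointer, next to the corrected loop. The names mock_stream, mock_read, read_all_buggy, read_all_fixed and stale_bytes are hypothetical, the segment bytes are constructed, and a 0xAA fill stands in for uninitialized heap.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a filtered stream: at most `chunk` bytes per read. */
struct mock_stream { const unsigned char *data; size_t len, pos, chunk; };

static size_t mock_read(struct mock_stream *s, unsigned char *out, size_t want) {
    size_t n = s->len - s->pos;
    if (n > want) n = want;
    if (n > s->chunk) n = s->chunk;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Flawed pattern: each chunk is written at dest[0], overwriting the previous one. */
static size_t read_all_buggy(struct mock_stream *s, unsigned char *dest, size_t len) {
    size_t done = 0, n;
    while (done < len && (n = mock_read(s, dest, len - done)) > 0)
        done += n;              /* count grows, write position does not */
    return done;
}

/* Corrected pattern: each chunk is written after the bytes already read. */
static size_t read_all_fixed(struct mock_stream *s, unsigned char *dest, size_t len) {
    size_t done = 0, n;
    while (done < len && (n = mock_read(s, dest + done, len - done)) > 0)
        done += n;
    return done;
}

/* Reads a 20-byte constructed segment and counts bytes the reader never wrote. */
size_t stale_bytes(int use_fixed, size_t chunk) {
    static const unsigned char segment[] = "EXIF-SEGMENT-PAYLOAD";
    unsigned char buf[sizeof segment - 1];
    struct mock_stream s = { segment, sizeof buf, 0, chunk };
    size_t i, stale = 0;
    memset(buf, 0xAA, sizeof buf);  /* marker standing in for uninitialized heap */
    if (use_fixed) read_all_fixed(&s, buf, sizeof buf);
    else read_all_buggy(&s, buf, sizeof buf);
    for (i = 0; i < sizeof buf; i++) stale += (buf[i] == 0xAA);
    return stale;
}

int main(void) {
    printf("buggy/8: %zu  fixed/8: %zu  buggy/20: %zu\n",
           stale_bytes(0, 8), stale_bytes(1, 8), stale_bytes(0, 20));
    return 0;
}
```

Both loops report the full length as read, so the caller treats the whole buffer as segment data; the flawed loop leaves stale bytes only when the data arrives in more than one chunk.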

PUBLISHED Reserved 2025-12-06 | Published 2025-12-27 | Updated 2025-12-27 | Assigner php




MEDIUM: 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

Problem types

CWE-125 Out-of-bounds Read

Product status

Default status: affected

8.1.* (semver) before 8.1.34: affected

8.2.* (semver) before 8.2.30: affected

8.3.* (semver) before 8.3.29: affected

8.4.* (semver) before 8.4.16: affected

8.5.* (semver) before 8.5.1: affected

Credits

Nikita Sveshnikov (Positive Technologies) reporter

References

github.com/...hp-src/security/advisories/GHSA-3237-qqm7-mfv7

cve.org (CVE-2025-14177)

nvd.nist.gov (CVE-2025-14177)


Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.