PT-2025-52593 · Php 8.4+8 · Php 8.4+8

Nikita Sveshnikov

·

Published

2025-01-01

·

Updated

2026-05-18

·

CVE-2025-14177

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions PHP versions prior to 8.1.34 PHP versions prior to 8.2.30 PHP versions prior to 8.3.29 PHP versions prior to 8.4.16 PHP versions prior to 8.5.1
Description A bug in the php read stream all chunks() function allows for the disclosure of sensitive heap memory. This occurs when the getimagesize() function reads images in multi-chunk mode, such as through php://filter streams, because the buffer is overwritten without advancing the pointer, leaving tail bytes uninitialized. This can leak uninitialized heap memory into APPn segments (e.g., APP1). The issue is triggered when an attacker controls the stream chunk size and crafts a JPEG with a large APP1 segment spanning multiple read chunks.
Recommendations Update to version 8.1.34 or later. Update to version 8.2.30 or later. Update to version 8.3.29 or later. Update to version 8.4.16 or later. Update to version 8.5.1 or later. As a temporary workaround, restrict the use of the getimagesize() function on untrusted JPEG files, especially those processed via php://filter streams.

Exploit

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

ALSA-2026:1409
ALSA-2026:1412
ALSA-2026:1429
ALSA-2026:1628
ALSA-2026:2470
ALSA-2026:2799
AZL-73195
AZL-73240
BDU:2026-02748
BIT-LIBPHP-2025-14177
BIT-PHP-2025-14177
BIT-PHP-MIN-2025-14177
CVE-2025-14177
DSA-6088-1
GHSA-3237-QQM7-MFV7
MGASA-2025-0330
OESA-2026-1020
OESA-2026-1021
OESA-2026-1022
OESA-2026-1023
OESA-2026-1024
OESA-2026-1025
OESA-2026-1026
OPENSUSE-SU-2025:15837-1
OPENSUSE-SU-2026:20113-1
RHSA-2026:1409
RHSA-2026:1412
RHSA-2026:1429
RHSA-2026:1628
RHSA-2026:2470
RHSA-2026:2799
RHSA-2026:7614
SUSE-SU-2026:0071-1
SUSE-SU-2026:0086-1
SUSE-SU-2026:20146-1
USN-7953-1

Affected Products

Alt Linux
Debian
Linuxmint
Php7.4
Php8.2
Php 8.4
Red Os
Rocky Linux
Ubuntu