PT-2025-52593 · Php 8.4+8 · Php 8.4+8
Nikita Sveshnikov
·
Published
2025-01-01
·
Updated
2026-05-18
·
CVE-2025-14177
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PHP versions prior to 8.1.34
PHP versions prior to 8.2.30
PHP versions prior to 8.3.29
PHP versions prior to 8.4.16
PHP versions prior to 8.5.1
Description
A bug in the
php read stream all chunks() function allows for the disclosure of sensitive heap memory. This occurs when the getimagesize() function reads images in multi-chunk mode, such as through php://filter streams, because the buffer is overwritten without advancing the pointer, leaving tail bytes uninitialized. This can leak uninitialized heap memory into APPn segments (e.g., APP1). The issue is triggered when an attacker controls the stream chunk size and crafts a JPEG with a large APP1 segment spanning multiple read chunks.Recommendations
Update to version 8.1.34 or later.
Update to version 8.2.30 or later.
Update to version 8.3.29 or later.
Update to version 8.4.16 or later.
Update to version 8.5.1 or later.
As a temporary workaround, restrict the use of the
getimagesize() function on untrusted JPEG files, especially those processed via php://filter streams.Exploit
Fix
DoS
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Debian
Linuxmint
Php7.4
Php8.2
Php 8.4
Red Os
Rocky Linux
Ubuntu