2425626 – (CVE-2025-14177) CVE-2025-14177 php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images

Bug 2425626 (CVE-2025-14177) - CVE-2025-14177 php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images

Summary: CVE-2025-14177 php: PHP: Information disclosure via getimagesize() function w...

Keywords:
Status:	NEW
Alias:	CVE-2025-14177
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-12-27 20:01 UTC by OSIDB Bzimport
Modified:	2025-12-29 20:50 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-12-27 20:01:12 UTC

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Note You need to log in before you can comment on or make changes to this bug.