Bug 2425626 (CVE-2025-14177) - CVE-2025-14177 php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images
Summary: CVE-2025-14177 php: PHP: Information disclosure via getimagesize() function w...
Keywords:
Status: NEW
Alias: CVE-2025-14177
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2025-12-27 20:01 UTC by OSIDB Bzimport
Modified: 2026-02-17 10:42 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:1409 0 None None None 2026-01-27 17:55:32 UTC
Red Hat Product Errata RHSA-2026:1412 0 None None None 2026-01-27 17:30:03 UTC
Red Hat Product Errata RHSA-2026:1429 0 None None None 2026-01-27 19:25:52 UTC
Red Hat Product Errata RHSA-2026:1628 0 None None None 2026-02-02 01:48:41 UTC
Red Hat Product Errata RHSA-2026:2470 0 None None None 2026-02-10 20:13:48 UTC
Red Hat Product Errata RHSA-2026:2799 0 None None None 2026-02-17 10:42:17 UTC

Description OSIDB Bzimport 2025-12-27 20:01:12 UTC 
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
Comment 4 errata-xmlrpc 2026-01-27 17:30:02 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:1412 https://access.redhat.com/errata/RHSA-2026:1412
Comment 5 errata-xmlrpc 2026-01-27 17:55:30 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1409 https://access.redhat.com/errata/RHSA-2026:1409
Comment 6 errata-xmlrpc 2026-01-27 19:25:50 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:1429 https://access.redhat.com/errata/RHSA-2026:1429
Comment 7 errata-xmlrpc 2026-02-02 01:48:40 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:1628 https://access.redhat.com/errata/RHSA-2026:1628
Comment 8 errata-xmlrpc 2026-02-10 20:13:46 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:2470 https://access.redhat.com/errata/RHSA-2026:2470
Comment 9 errata-xmlrpc 2026-02-17 10:42:15 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:2799 https://access.redhat.com/errata/RHSA-2026:2799
Note You need to log in before you can comment on or make changes to this bug.