Vulnerabilities

CVE-2025-14177 - Information Leak of Memory in getimagesize

2025-12-27 0 views admin

CVE ID : CVE-2025-14177 Published : Dec. 27, 2025, 8:15 p.m. | 58 minutes ago Description : In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server. Severity: 6.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-14177

Severity

MEDIUM

Published

Dec. 27, 2025

Affected Product: PHP

Impact: information disclosure

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-14177mediumphp

CVE-2025-14177 - Information Leak of Memory in getimagesize

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-68972 - GnuPG Invalid Armor Injection Vulnerability

CVE-2025-14180 - NULL Pointer Dereference in PDO quoting

CVE-2025-14178 - Heap buffer overflow in array_merge()

CVE-2025-15110 - jackq XCMS Backend ProductImageController.class.php upload unrestricted upload

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting