CVE-2025-14177

CVE Details

Release Date:	2025-12-27
Impact:	Low	What is this?

Description

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

See more information about CVE-2025-14177 from MITRE CVE dictionary and NIST NVD

NOTE: The following CVSS metrics and score provided are preliminary and subject to review.

CVSS v3 metrics

Base Score:	3.7
Vector String:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Version:	3.1
Attack Vector:	Network
Attack Complexity:	High
Privileges Required:	None
User Interaction:	None
Scope:	Unchanged
Confidentiality Impact:	Low
Integrity Impact:	None
Availability Impact:	None

Errata information

Platform	Errata	Release Date
Oracle Linux version 8 (libzip)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php-pear)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php-pecl-apcu)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php-pecl-rrd)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php-pecl-xdebug3)	ELSA-2026-1412	2026-01-28
Oracle Linux version 8 (php-pecl-zip)	ELSA-2026-1412	2026-01-28
Oracle Linux version 9 (php)	ELSA-2026-1429	2026-01-28
Oracle Linux version 9 (php-pecl-apcu)	ELSA-2026-1429	2026-01-28
Oracle Linux version 9 (php-pecl-redis6)	ELSA-2026-1429	2026-01-28
Oracle Linux version 9 (php-pecl-rrd)	ELSA-2026-1429	2026-01-28
Oracle Linux version 9 (php-pecl-xdebug3)	ELSA-2026-1429	2026-01-28
Oracle Linux version 9 (php-pecl-zip)	ELSA-2026-1429	2026-01-28