rpm package
opensuse/php8-test&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/php8-test&distro=openSUSE%20Leap%2016.0
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-14177 | — | < 8.4.16-160000.1.1 | 8.4.16-160000.1.1 | Dec 27, 2025 | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://fi | ||
| CVE-2025-14178 | — | < 8.4.16-160000.1.1 | 8.4.16-160000.1.1 | Dec 27, 2025 | In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in | ||
| CVE-2025-14180 | — | < 8.4.16-160000.1.1 | 8.4.16-160000.1.1 | Dec 27, 2025 | In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may |
- CVE-2025-14177Dec 27, 2025affected < 8.4.16-160000.1.1fixed 8.4.16-160000.1.1
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://fi
- CVE-2025-14178Dec 27, 2025affected < 8.4.16-160000.1.1fixed 8.4.16-160000.1.1
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in
- CVE-2025-14180Dec 27, 2025affected < 8.4.16-160000.1.1fixed 8.4.16-160000.1.1
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may