VYPR

rpm package

suse/php8&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP7

pkg:rpm/suse/php8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7

Vulnerabilities (6)

  • CVE-2025-14177 (Dec 27, 2025)
    affected < 8.3.29-150700.3.9.1, fixed 8.3.29-150700.3.9.1

    In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://fi

  • CVE-2025-14178 (Dec 27, 2025)
    affected < 8.3.29-150700.3.9.1, fixed 8.3.29-150700.3.9.1

    In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in

  • CVE-2025-14180 (Dec 27, 2025)
    affected < 8.3.29-150700.3.9.1, fixed 8.3.29-150700.3.9.1

    In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may

  • CVE-2025-1735 (Jul 13, 2025)
    affected < 8.3.23-150700.3.3.1, fixed 8.3.23-150700.3.3.1

    In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

  • CVE-2025-1220 (Jul 13, 2025)
    affected < 8.3.23-150700.3.3.1, fixed 8.3.23-150700.3.3.1

    In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in

  • CVE-2025-6491 (Jul 13, 2025)
    affected < 8.3.23-150700.3.3.1, fixed 8.3.23-150700.3.3.1

    In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the