CNNVD-202512-4843 Information
CNNVD ID
CNNVD-202512-4843
Related CVE
- CNNVD Published: 2025-12-27
Description (Chinese)
PHP是PHP开源的一种在服务器端执行的脚本语言。 PHP 8.1.34之前版本、8.2.30之前版本、8.3.29之前版本、8.4.16之前版本和8.5.1之前版本存在安全漏洞,该漏洞源于getimagesize函数在多块模式下可能泄露未初始化的堆内存,可能导致信息泄露。
Description (English)
PHP is a script language executed at the server end by the PHP open source. PHP 8.1.34, 8.2.30, 8.3.29, 8.4.16 and 8.5.1 contains a security loophole resulting from the possibility of the Getimagesize function leaking uninvolved memory in multiple blocks, which may lead to the disclosure of information.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Pi-hole
Published
2025-12-27
Last Modified
2026-02-24
References
https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7 https://vigilance.fr/vulnerability/PHP-information-disclosure-via-getimagesize-49149 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-14177
Patch
https://www.php.net/downloads.php
Share on: