Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 522
Alerts This Week
Warning Icon 1 522

openSUSE: php8 Moderate Issues in Memory Management 2026:0071-1

suse
Calendar Grey January 8, 2026
Dist Suse Esm H88
Critical vulnerabilities in php8 affect openSUSE Leap 15.6, patch recommended to secure systems against potential risks.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for php8 fixes the following issues: Security fixes: * CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). * CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). * CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712). Other fixes: * Update to 8.2.30: Curl: Fix curl build and test failures with version 8.16. Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null

References

* bsc#1255710

* bsc#1255711

* bsc#1255712

Cross-

* CVE-2025-14177

* CVE-2025-14178

* CVE-2025-14180

CVSS scores:

* CVE-2025-14177 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

* CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-14177 ( NVD ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-14178 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2025-14178 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Announcement ID: SUSE-SU-2026:0071-1
Release Date: 2026-01-08T13:22:08Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.