Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE Advisory 2026:0086-1 for Moderate Heap Overflow in php8 CVE-2025-14177

suse
Calendar Grey January 9, 2026
Dist Suse Esm H88
Critical moderate update for php8 on SUSE addressing multiple vulnerabilities. Immediate installation recommended for security.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for php8 fixes the following issues: Security fixes: * CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710). * CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711). * CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712). Other fixes: Version 8.3.29 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland

Topics%20covered

Topics Covered

security advisory moderate security update SuSE heap overflow php8

References

* bsc#1255710

* bsc#1255711

* bsc#1255712

Cross-

* CVE-2025-14177

* CVE-2025-14178

* CVE-2025-14180

CVSS scores:

* CVE-2025-14177 ( SUSE ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

* CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-14177 ( NVD ): 6.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-14177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-14178 ( SUSE ): 8.3

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Announcement ID: SUSE-SU-2026:0086-1
Release Date: 2026-01-09T15:01:56Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate security update SuSE heap overflow php8

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here