
SUSE Security Advisory php7 Vulnerability Notification SUSE-SU-2026-20204-4

January 28, 2026
This php8 update fixes an uninitialized heap memory disclosure in getimagesize(), a heap buffer overflow in array_merge() and a null pointer dereference in the PDO PostgreSQL driver.
An update that solves three vulnerabilities and has one fix can now be installed.

Summary

This update for php8 fixes the following issues:

Version update to 8.4.16:

Security fixes:

* CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).

* CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).

* CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).

Other fixes:

* php8 contains Directories owned by wwwrun but does not require User. (bsc#1255043)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

References

* bsc#1255043

* bsc#1255710

* bsc#1255711

* bsc#1255712

Cross-

* CVE-2025-14177

* CVE-2025-14178

* CVE-2025-14180

CVSS scores:

* CVE-2025-14177 (SUSE): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N

* CVE-2025-14177 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

* CVE-2025-14177 (NVD): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-14177 (NVD): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-14178 (SUSE): 8.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14178 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H

Announcement ID: SUSE-SU-2026:20146-1
Release Date: 2026-01-26T12:37:41Z
Rating: moderate
