In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
Attack Parameters
Attack Vector
Network
Can be exploited remotely
Attack Complexity
High
Difficult to exploit
Attack Requirements
Present
Additional conditions required
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed
Impact Assessment
Confidentiality
Low
Partial data leak
Integrity
None
No data modification
Availability
None
No disruption
CVSS Vector v4.0
Weakness Type (CWE)
Vulnerable Products 5
| Configuration | From (including) | Up to (excluding) |
|---|---|---|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
8.1.0
|
8.1.34
|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
8.2.0
|
8.2.30
|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
8.3.0
|
8.3.29
|
|
Php Php
cpe:2.3:a:php:php:*:*:*:*:*:*:*:*
|
8.4.0
|
8.4.16
|
|
Php Php
cpe:2.3:a:php:php:8.5.0:*:*:*:*:*:*:*
|
— | — |