Red Hat Security Advisory: php security update
Two security vulnerabilities have been identified in PHP as packaged for Red Hat Enterprise Linux 9. The first is a heap-based buffer overflow in the array_merge() function (CVE-2025-14178). The second is an information disclosure issue via the getimagesize() function when processing multi-chunk images (CVE-2025-14177). Red Hat has issued a security advisory (RHSA-2026:2799) rating these vulnerabilities as having a moderate security impact and has released updated PHP packages to address them. The vulnerabilities affect multiple architectures and variants of Red Hat Enterprise Linux 9. No known exploits in the wild have been reported. Users are advised to apply the provided updates to remediate these issues.
AI Analysis
Technical Summary
This advisory covers two vulnerabilities in PHP on Red Hat Enterprise Linux 9. CVE-2025-14178 is a heap-based buffer overflow in the array_merge() function, which could potentially lead to memory corruption. CVE-2025-14177 involves information disclosure through the getimagesize() function when reading multi-chunk images. Red Hat has released updated PHP packages (version 8.0.30-5.el9_7) to fix these issues. The advisory rates the impact as moderate and provides detailed package updates for various architectures. No CVSS scores are provided in the advisory, and no known active exploitation has been reported.
Potential Impact
The heap-based buffer overflow (CVE-2025-14178) could allow an attacker to cause memory corruption, potentially leading to application crashes or other unintended behavior. The information disclosure vulnerability (CVE-2025-14177) could allow unauthorized access to sensitive information via crafted image files. Both vulnerabilities are rated as moderate in severity by Red Hat. There are no reports of these vulnerabilities being exploited in the wild at this time.
Mitigation Recommendations
Red Hat has released updated PHP packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 9 should apply the security update as described in Red Hat advisory RHSA-2026:2799 and the related article https://access.redhat.com/articles/11258. Applying these updates will remediate the vulnerabilities. No additional mitigation steps are indicated or required by the vendor.
Red Hat Security Advisory: php security update
Description
Two security vulnerabilities have been identified in PHP as packaged for Red Hat Enterprise Linux 9. The first is a heap-based buffer overflow in the array_merge() function (CVE-2025-14178). The second is an information disclosure issue via the getimagesize() function when processing multi-chunk images (CVE-2025-14177). Red Hat has issued a security advisory (RHSA-2026:2799) rating these vulnerabilities as having a moderate security impact and has released updated PHP packages to address them. The vulnerabilities affect multiple architectures and variants of Red Hat Enterprise Linux 9. No known exploits in the wild have been reported. Users are advised to apply the provided updates to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This advisory covers two vulnerabilities in PHP on Red Hat Enterprise Linux 9. CVE-2025-14178 is a heap-based buffer overflow in the array_merge() function, which could potentially lead to memory corruption. CVE-2025-14177 involves information disclosure through the getimagesize() function when reading multi-chunk images. Red Hat has released updated PHP packages (version 8.0.30-5.el9_7) to fix these issues. The advisory rates the impact as moderate and provides detailed package updates for various architectures. No CVSS scores are provided in the advisory, and no known active exploitation has been reported.
Potential Impact
The heap-based buffer overflow (CVE-2025-14178) could allow an attacker to cause memory corruption, potentially leading to application crashes or other unintended behavior. The information disclosure vulnerability (CVE-2025-14177) could allow unauthorized access to sensitive information via crafted image files. Both vulnerabilities are rated as moderate in severity by Red Hat. There are no reports of these vulnerabilities being exploited in the wild at this time.
Mitigation Recommendations
Red Hat has released updated PHP packages that address these vulnerabilities. Users of Red Hat Enterprise Linux 9 should apply the security update as described in Red Hat advisory RHSA-2026:2799 and the related article https://access.redhat.com/articles/11258. Applying these updates will remediate the vulnerabilities. No additional mitigation steps are indicated or required by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:2799
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-14178"]
- Cvss Version
- null
Threat ID: 6a248d78e29bf47b50d6530b
Added to database: 6/6/2026, 9:13:28 PM
Last enriched: 6/6/2026, 9:20:10 PM
Last updated: 6/6/2026, 10:34:57 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.