Vulnerability Description
In the PHP imagick extension, versions 3.3.0 through 3.4.4, the ImagickKernel::fromMatrix() function wrote to an array of values without checking that the target address was within the allocated array. This could lead to an out-of-bounds write to memory if the function is called with data controlled by an untrusted party.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| PHP | Imagick | >= 3.3.0, <= 3.4.4 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html
- http://www.securityfocus.com/bid/108292
- https://bugs.php.net/bug.php?id=77791 (Mailing List, Vendor Advisory)
- https://github.com/CVEProject/cvelist/pull/1964
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://seclists.org/bugtraq/2019/Nov/39
- https://security.gentoo.org/glsa/202003-38
- https://usn.ubuntu.com/4586-1/
- https://www.debian.org/security/2019/dsa-4576
FAQ
What is CVE-2019-11037?
CVE-2019-11037 is a vulnerability with a CVSS score of 4.9 (MEDIUM). In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. T...
How severe is CVE-2019-11037?
CVE-2019-11037 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-11037?
Check the references section above for vendor advisories and patch information. Affected products include: PHP Imagick.