CVE-2019-11037

MEDIUM

PHP imagick 3.3.0-3.4.4 - Out-of-bounds Write in ImagickKernel::fromMatrix


Description

In the PHP imagick extension, in versions between 3.3.0 and 3.4.4, writing to an array of values in the ImagickKernel::fromMatrix() function did not check that the address would be within the allocated array. This could lead to an out-of-bounds write to memory if the function is called with data controlled by an untrusted party.

References (11)

Core References
Issue Tracking x_refsource_misc
https://github.com/CVEProject/cvelist/pull/1964
Mailing List, Vendor Advisory x_refsource_misc
https://bugs.php.net/bug.php?id=77791
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/108292
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2019/dsa-4576
Mailing List mailing-list x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Nov/39
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202003-38
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4586-1/

Scores

CVSS v3 4.9
EPSS 0.0114
EPSS Percentile 78.6%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-787
Status published
Products (1)
php/imagick 3.3.0 - 3.4.4
Published May 03, 2019
Tracked Since Feb 18, 2026