| Name | CVE-2019-11037 |
| Description | In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-4576-1 |
| Debian Bugs | 928420 |
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| php-imagick (PTS) | buster | 3.4.3-4.1 | fixed |
| bullseye | 3.4.4+php8.0+3.4.4-2+deb11u2 | fixed | |
| sid, trixie, bookworm | 3.7.0-4 | fixed |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| php-imagick | source | jessie | (not affected) | |||
| php-imagick | source | stretch | 3.4.3~rc2-2+deb9u1 | DSA-4576-1 | ||
| php-imagick | source | (unstable) | 3.4.3-4.1 | 928420 |
[jessie] - php-imagick <not-affected> (vulnerable code is not present)
https://bugs.php.net/bug.php?id=77791
https://github.com/mkoppanen/imagick/commits/bugfix_77791
Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445