CVE-2019-11037

NameCVE-2019-11037
DescriptionIn PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4576-1
NVD severityhigh
Debian Bugs928420

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-imagick (PTS)jessie3.2.0~rc1-1fixed
stretch3.4.3~rc2-2vulnerable
stretch (security)3.4.3~rc2-2+deb9u1fixed
buster3.4.3-4.1fixed
bullseye, sid3.4.4-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-imagicksource(unstable)3.4.3-4.1928420
php-imagicksourcejessie(not affected)
php-imagicksourcestretch3.4.3~rc2-2+deb9u1DSA-4576-1

Notes

[jessie] - php-imagick <not-affected> (vulnerable code is not present)
https://bugs.php.net/bug.php?id=77791
https://github.com/mkoppanen/imagick/commits/bugfix_77791
Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445

Search for package or bug name: Reporting problems