CVE-2019-11037

Name: CVE-2019-11037
Description: In the PHP imagick extension, in versions between 3.3.0 and 3.4.4, writing to an array of values in the ImagickKernel::fromMatrix() function did not check that the address would be within the allocated array. This could lead to an out-of-bounds write to memory if the function is called with data controlled by an untrusted party.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-4576-1
NVD severity: high
Debian Bugs: 928420

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package      Release                      Version                        Status
php-imagick (PTS)   stretch (security), stretch  3.4.3~rc2-2+deb9u1             fixed
                    buster                       3.4.3-4.1                      fixed
                    bookworm, sid, bullseye      3.4.4+php8.0+3.4.4-2+deb11u2   fixed

The information below is based on the following data on fixed versions.

Package      Type    Release     Fixed Version        Urgency  Origin      Debian Bugs
php-imagick  source  jessie      (not affected)
php-imagick  source  stretch     3.4.3~rc2-2+deb9u1            DSA-4576-1
php-imagick  source  (unstable)  3.4.3-4.1                                 928420

Notes

[jessie] - php-imagick <not-affected> (vulnerable code is not present)
https://bugs.php.net/bug.php?id=77791
https://github.com/mkoppanen/imagick/commits/bugfix_77791
Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445
