CVE-2019-11037

NameCVE-2019-11037
DescriptionIn PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-4576-1
Debian Bugs928420

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php-imagick (PTS)bullseye3.4.4+php8.0+3.4.4-2+deb11u2fixed
bookworm3.7.0-4fixed
trixie3.7.0-10fixed
sid3.7.0-12fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php-imagicksourcejessie(not affected)
php-imagicksourcestretch3.4.3~rc2-2+deb9u1DSA-4576-1
php-imagicksource(unstable)3.4.3-4.1928420

Notes

[jessie] - php-imagick <not-affected> (vulnerable code is not present)
https://bugs.php.net/bug.php?id=77791
https://github.com/mkoppanen/imagick/commits/bugfix_77791
Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391
Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445

Search for package or bug name: Reporting problems