CVE-2019-11037 MEDIUM

CVE-2019-11037: Out of bounds memory write in PHP Imagick extension

Vendor Php Group
Product PHP Imagick extension
Weakness CWE-787
Published May 3, 2019
Last update September 16, 2024

CVSS base score

4.9/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01 Description

In the PHP Imagick extension, versions between 3.3.0 and 3.4.4, the ImagickKernel::fromMatrix() function wrote to an array of values without checking that the address was within the allocated array. This could lead to an out-of-bounds write to memory if the function is called with data controlled by an untrusted party.

Key dates

02 Disclosure timeline

May 3, 2019 CVE published
September 16, 2024 Record updated