CVE-2019-11037

Published: 03 May 2019

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
php-imagick
Launchpad, Ubuntu, Debian
Upstream
Released (3.4.3-4.1)
Ubuntu 20.10 (Groovy Gorilla) Needed

Ubuntu 20.04 LTS (Focal Fossa) Needed

Ubuntu 18.04 LTS (Bionic Beaver)
Released (3.4.3~rc2-2ubuntu4.1)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code-not-present)
Ubuntu 12.04 ESM (Precise Pangolin) Does not exist