Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-11037

Опубликовано: 03 мая 2019
Источник: debian
EPSS Низкий

Описание

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
php-imagickfixed3.4.3-4.1package
php-imagicknot-affectedjessiepackage

Примечания

  • https://bugs.php.net/bug.php?id=77791

  • https://github.com/mkoppanen/imagick/commits/bugfix_77791

  • Introduced by: https://github.com/mkoppanen/imagick/commit/a3cc177f8ed38937960e27765816e2f7a6de7391

  • Fixed by: https://github.com/Imagick/imagick/compare/d57a444766a321fa226266f51f1f42ee2cc29cc7...a827e4fd94aba346e919dc2ae8e8da2cec5a7445

EPSS

Процентиль: 78%
0.01178
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-11037

CVSS3: 4.9
ubuntu
почти 7 лет назад

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

redhat логотип

CVE-2019-11037

CVSS3: 7.5
redhat
почти 7 лет назад

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

nvd логотип

CVE-2019-11037

CVSS3: 4.9
nvd
почти 7 лет назад

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

suse-cvrf логотип

openSUSE-SU-2020:0014-1

suse-cvrf
около 6 лет назад

Security update for php7-imagick

github логотип

GHSA-c46f-p363-f93x

CVSS3: 9.8
github
больше 3 лет назад

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

EPSS

Процентиль: 78%
0.01178
Низкий