CVE-2019-11037
Description
In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.156
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| php-imagick security update(DSA-4576-1) php-imagick_3.4.3~rc2-2+deb9u1_i386.deb | Linux |
| php-imagick security update(DSA-4576-1) php-imagick_3.4.3~rc2-2+deb9u1_amd64.deb | Linux |
| PHP extension to create and modify images using the ImageMagick API (USN-4586-1) php-imagick_3.4.3~rc2-2ubuntu4.1_i386.deb | Linux |
| PHP extension to create and modify images using the ImageMagick API (USN-4586-1) php-imagick_3.4.3~rc2-2ubuntu4.1_amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234