CVE-2019-11037 Vulnerability Details

  /     /     /  

CVE-2019-11037 Metadata Quick Info

CVE Published: 03/05/2019 | CVE Updated: 16/09/2024 | CVE Year: 2019
Source: php | Vendor: PHP Group | Product: PHP Imagick extension
Status : PUBLISHED

---

CVE-2019-11037 Description

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-787
CWE Name: CWE-787 Out-of-bounds Write
Source: PHP Group

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).