vulnerability

Debian: CVE-2019-11037: php-imagick -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	May 3, 2019	Nov 27, 2019	Mar 30, 2026

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

May 3, 2019

Added

Nov 27, 2019

Modified

Mar 30, 2026

Description

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Solution

debian-upgrade-php-imagick

References

CVE-2019-11037
https://attackerkb.com/topics/CVE-2019-11037
CWE-787
DEBIAN-DSA-4576
DEBIAN-DSA-4576-1
EUVD-EUVD-2019-2745
https://euvd.enisa.europa.eu/vulnerability/EUVD-2019-2745

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report