CVE-2019-11037 - OpenCVE

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php	Imagick

Configuration 1 [-]

cpe:2.3:a:php:imagick:*:*:*:*:*:*:*:*

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html
http://www.securityfocus.com/bid/108292
https://bugs.php.net/bug.php?id=77791	Mailing List Vendor Advisory
https://github.com/CVEProject/cvelist/pull/1964
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/
https://seclists.org/bugtraq/2019/Nov/39
https://security.gentoo.org/glsa/202003-38
https://usn.ubuntu.com/4586-1/
https://www.debian.org/security/2019/dsa-4576

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: php

Published: 2019-05-02T00:00:00

Updated: 2020-10-23T00:06:08

Reserved: 2019-04-09T00:00:00

Link: CVE-2019-11037

JSON object: View

NVD Information

Status : Modified

Published: 2019-05-03T20:29:00.420

Modified: 2023-11-07T03:02:37.630

Link: CVE-2019-11037

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"containers": {"cna": {"affected": [{"product": "PHP Imagick extension", "vendor": "PHP Group", "versions": [{"lessThan": "3.4.4", "status": "affected", "version": "3.4.4", "versionType": "custom"}, {"lessThan": "3.3.0*", "status": "affected", "version": "3.3.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "value": "imagick extension should be installed for this problem to exist."}], "datePublic": "2019-05-02T00:00:00", "descriptions": [{"lang": "en", "value": "In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-23T00:06:08", "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "shortName": "php"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugs.php.net/bug.php?id=77791"}, {"name": "108292", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108292"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/CVEProject/cvelist/pull/1964"}, {"name": "FEDORA-2019-488d0f9a4b", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/"}, {"name": "FEDORA-2019-9448fa46f3", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/"}, {"name": "FEDORA-2019-5dc1f4100e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/"}, {"name": "DSA-4576", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4576"}, {"name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Nov/39"}, {"name": "openSUSE-SU-2020:0014", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html"}, {"name": "GLSA-202003-38", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202003-38"}, {"name": "USN-4586-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4586-1/"}], "source": {"defect": ["https://bugs.php.net/bug.php?id=77791"], "discovery": "EXTERNAL"}, "title": "Out of bounds memory write in PHP Imagick extension", "x_generator": {"engine": "Vulnogram 0.0.6"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@php.net", "DATE_PUBLIC": "2019-05-02T23:00:00.000Z", "ID": "CVE-2019-11037", "STATE": "PUBLIC", "TITLE": "Out of bounds memory write in PHP Imagick extension"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PHP Imagick extension", "version": {"version_data": [{"version_affected": "<", "version_name": "3.4.4", "version_value": "3.4.4"}, {"version_affected": ">=", "version_name": "3.3.0", "version_value": "3.3.0"}]}}]}, "vendor_name": "PHP Group"}]}}, "configuration": [{"lang": "en", "value": "imagick extension should be installed for this problem to exist."}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party."}]}, "generator": {"engine": "Vulnogram 0.0.6"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-787 Out-of-bounds Write"}]}]}, "references": {"reference_data": [{"name": "https://bugs.php.net/bug.php?id=77791", "refsource": "MISC", "url": "https://bugs.php.net/bug.php?id=77791"}, {"name": "108292", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108292"}, {"name": "https://github.com/CVEProject/cvelist/pull/1964", "refsource": "MISC", "url": "https://github.com/CVEProject/cvelist/pull/1964"}, {"name": "FEDORA-2019-488d0f9a4b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/"}, {"name": "FEDORA-2019-9448fa46f3", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/"}, {"name": "FEDORA-2019-5dc1f4100e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/"}, {"name": "DSA-4576", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4576"}, {"name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Nov/39"}, {"name": "openSUSE-SU-2020:0014", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html"}, {"name": "GLSA-202003-38", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-38"}, {"name": "USN-4586-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4586-1/"}]}, "source": {"defect": ["https://bugs.php.net/bug.php?id=77791"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b", "assignerShortName": "php", "cveId": "CVE-2019-11037", "datePublished": "2019-05-02T00:00:00", "dateReserved": "2019-04-09T00:00:00", "dateUpdated": "2020-10-23T00:06:08", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php:imagick:*:*:*:*:*:*:*:*", "matchCriteriaId": "E712AC66-A782-4831-8C9D-CE3E6551CF7D", "versionEndIncluding": "3.4.4", "versionStartIncluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party."}, {"lang": "es", "value": "La extensi\u00f3n imagick en PHP en versiones 3.3.0 y 3.4.4, al escribir en una matriz de valores en la funci\u00f3n ImagickKernel::fromMatrix() no comprobaba que la direcci\u00f3n estuviese localizada en la matriz. Esto podr\u00eda permitir la escritura fuera de limites de memoria si la funci\u00f3n es llamada con los datos controlados por un tercero no confiable."}], "id": "CVE-2019-11037", "lastModified": "2023-11-07T03:02:37.630", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 1.4, "impactScore": 3.4, "source": "security@php.net", "type": "Secondary"}]}, "published": "2019-05-03T20:29:00.420", "references": [{"source": "security@php.net", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html"}, {"source": "security@php.net", "url": "http://www.securityfocus.com/bid/108292"}, {"source": "security@php.net", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://bugs.php.net/bug.php?id=77791"}, {"source": "security@php.net", "url": "https://github.com/CVEProject/cvelist/pull/1964"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/"}, {"source": "security@php.net", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/"}, {"source": "security@php.net", "url": "https://seclists.org/bugtraq/2019/Nov/39"}, {"source": "security@php.net", "url": "https://security.gentoo.org/glsa/202003-38"}, {"source": "security@php.net", "url": "https://usn.ubuntu.com/4586-1/"}, {"source": "security@php.net", "url": "https://www.debian.org/security/2019/dsa-4576"}], "sourceIdentifier": "security@php.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "security@php.net", "type": "Secondary"}]}