CVE-2019-11037 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-11037 Interim 1 16 2025-02-17T02:08:05Z current 2021-05-30T14:27:10Z 2025-02-17T02:08:05Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-11037 In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KGV7VQ6VPH5S7V7PYMCMEEKUWPZOL27Y/ E-Mail link for openSUSE-SU-2020:0014-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP1 openSUSE Leap 15.1 php7-imagick-3.4.4-5.1 php7-imagick-3.4.4-bp151.2.3.1 php7-imagick-3.4.4-lp151.8.3.1 php7-imagick-3.4.4-5.1 as a component of SUSE Package Hub 12 php7-imagick-3.4.4-bp151.2.3.1 as a component of SUSE Package Hub 15 SP1 php7-imagick-3.4.4-lp151.8.3.1 as a component of openSUSE Leap 15.1 In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party. CVE-2019-11037 SUSE Package Hub 12:php7-imagick-3.4.4-5.1 SUSE Package Hub 15 SP1:php7-imagick-3.4.4-bp151.2.3.1 openSUSE Leap 15.1:php7-imagick-3.4.4-lp151.8.3.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H