CVE-2019-11037

Name of the Vulnerable Software and Affected Versions php-imagick extension versions 3.3.0 through 3.4.4

Description The issue is related to a buffer overflow in the ImagickKernel::fromMatrix() function of the php-imagick extension for PHP. This could allow a remote attacker to cause a denial of service or execute arbitrary code. The problem arises when the function writes to an array of values without checking if the address is within the allocated array, potentially leading to out-of-bounds memory writes when called with untrusted data.

Recommendations For php-imagick extension versions 3.3.0 through 3.4.4, consider disabling the ImagickKernel::fromMatrix() function until a patch is available to prevent potential exploitation. Restrict access to this function to minimize the risk of out-of-bounds memory writes. Avoid using the php-imagick extension with untrusted data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.