cvelist/2019/11xxx/CVE-2019-11037.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security@php.net",
        "DATE_PUBLIC": "2019-05-02T23:00:00.000Z",
        "ID": "CVE-2019-11037",
        "STATE": "PUBLIC",
        "TITLE": "Out of bounds memory write in PHP Imagick extension"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "PHP Imagick extension",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "3.4.4",
                                            "version_value": "3.4.4"
                                        },
                                        {
                                            "version_affected": ">=",
                                            "version_name": "3.3.0",
                                            "version_value": "3.3.0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "PHP Group"
                }
            ]
        }
    },
    "configuration": [
        {
            "lang": "eng",
            "value": "imagick extension should be installed for this problem to exist."
        }
    ],
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party."
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.0.6"
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-787 Out-of-bounds Write"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://bugs.php.net/bug.php?id=77791",
                "name": "https://bugs.php.net/bug.php?id=77791"
            },
            {
                "refsource": "BID",
                "name": "108292",
                "url": "http://www.securityfocus.com/bid/108292"
            },
            {
                "refsource": "MISC",
                "name": "https://github.com/CVEProject/cvelist/pull/1964",
                "url": "https://github.com/CVEProject/cvelist/pull/1964"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2019-488d0f9a4b",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2019-9448fa46f3",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/"
            },
            {
                "refsource": "FEDORA",
                "name": "FEDORA-2019-5dc1f4100e",
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/"
            },
            {
                "refsource": "DEBIAN",
                "name": "DSA-4576",
                "url": "https://www.debian.org/security/2019/dsa-4576"
            },
            {
                "refsource": "BUGTRAQ",
                "name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update",
                "url": "https://seclists.org/bugtraq/2019/Nov/39"
            },
            {
                "refsource": "SUSE",
                "name": "openSUSE-SU-2020:0014",
                "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html"
            },
            {
                "refsource": "GENTOO",
                "name": "GLSA-202003-38",
                "url": "https://security.gentoo.org/glsa/202003-38"
            },
            {
                "refsource": "UBUNTU",
                "name": "USN-4586-1",
                "url": "https://usn.ubuntu.com/4586-1/"
            }
        ]
    },
    "source": {
        "defect": [
            "https://bugs.php.net/bug.php?id=77791"
        ],
        "discovery": "EXTERNAL"
    }
}
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`{`
			`"CVE_data_meta": {`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"ASSIGNER": "security@php.net",`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"DATE_PUBLIC": "2019-05-02T23:00:00.000Z",`
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`"ID": "CVE-2019-11037",`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"STATE": "PUBLIC",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"TITLE": "Out of bounds memory write in PHP Imagick extension"`
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`},`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"product_name": "PHP Imagick extension",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "3.4.4",`
			`"version_value": "3.4.4"`
			`},`
			`{`
			`"version_affected": ">=",`
			`"version_name": "3.3.0",`
			`"version_value": "3.3.0"`
			`}`
			`]`
			`}`
			`}`
			`]`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`},`
			`"vendor_name": "PHP Group"`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`}`
			`]`
			`}`
			`},`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"configuration": [`
			`{`
			`"lang": "eng",`
			`"value": "imagick extension should be installed for this problem to exist."`
			`}`
			`],`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2019-05-03 20:00:49 +00:00			`"value": "In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party."`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`}`
			`]`
			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.0.6"`
			`},`
			`"impact": {`
			`"cvss": {`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"attackComplexity": "HIGH",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"attackVector": "LOCAL",`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"availabilityImpact": "LOW",`
			`"baseScore": 4.9,`
			`"baseSeverity": "MEDIUM",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"confidentialityImpact": "LOW",`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"integrityImpact": "LOW",`
			`"privilegesRequired": "NONE",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"scope": "UNCHANGED",`
			`"userInteraction": "NONE",`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`"version": "3.0"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-787 Out-of-bounds Write"`
			`}`
			`]`
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`}`
			`]`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2019-05-03 20:00:49 +00:00			`"refsource": "MISC",`
			`"url": "https://bugs.php.net/bug.php?id=77791",`
			`"name": "https://bugs.php.net/bug.php?id=77791"`
"-Synchronized-Data." 2019-05-13 10:00:47 +00:00			`},`
			`{`
			`"refsource": "BID",`
			`"name": "108292",`
			`"url": "http://www.securityfocus.com/bid/108292"`
"-Synchronized-Data." 2019-05-13 16:00:51 +00:00			`},`
			`{`
			`"refsource": "MISC",`
			`"name": "https://github.com/CVEProject/cvelist/pull/1964",`
			`"url": "https://github.com/CVEProject/cvelist/pull/1964"`
"-Synchronized-Data." 2019-05-16 03:00:50 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2019-488d0f9a4b",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/"`
"-Synchronized-Data." 2019-05-16 04:00:43 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2019-9448fa46f3",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/"`
"-Synchronized-Data." 2019-05-16 05:00:43 +00:00			`},`
			`{`
			`"refsource": "FEDORA",`
			`"name": "FEDORA-2019-5dc1f4100e",`
			`"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/"`
"-Synchronized-Data." 2019-11-25 23:02:03 +00:00			`},`
			`{`
			`"refsource": "DEBIAN",`
			`"name": "DSA-4576",`
			`"url": "https://www.debian.org/security/2019/dsa-4576"`
"-Synchronized-Data." 2019-11-26 10:02:01 +00:00			`},`
			`{`
			`"refsource": "BUGTRAQ",`
			`"name": "20191126 [SECURITY] [DSA 4576-1] php-imagick security update",`
			`"url": "https://seclists.org/bugtraq/2019/Nov/39"`
"-Synchronized-Data." 2020-01-14 01:01:08 +00:00			`},`
			`{`
			`"refsource": "SUSE",`
			`"name": "openSUSE-SU-2020:0014",`
			`"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html"`
"-Synchronized-Data." 2020-03-19 18:01:25 +00:00			`},`
			`{`
			`"refsource": "GENTOO",`
			`"name": "GLSA-202003-38",`
			`"url": "https://security.gentoo.org/glsa/202003-38"`
"-Synchronized-Data." 2020-10-23 01:01:33 +00:00			`},`
			`{`
			`"refsource": "UBUNTU",`
			`"name": "USN-4586-1",`
			`"url": "https://usn.ubuntu.com/4586-1/"`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`}`
			`]`
			`},`
			`"source": {`
			`"defect": [`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"https://bugs.php.net/bug.php?id=77791"`
Added details of Imagick OOB write. 2019-05-02 16:01:49 +01:00			`],`
PHP issues from May release 2019-05-02 22:09:52 -07:00			`"discovery": "EXTERNAL"`
"-Synchronized-Data." 2019-04-09 16:00:49 +00:00			`}`
			`}`