alpine · CVE-2019-11037

Quick triage

Priority: critical Published: Updated:

View at Official alpine advisory, NVD, CVE.org · CVE detail

Freshness: no update timestamp found; verify against the upstream OS advisory manually.

Tracker summary

CVE-2019-11037: 1 source package rows (php7-pecl-imagick); 1 state rows across 1 repos (edge-community); fixed 1, open 0.

Description:

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

cvelogic Threat Intelligence