cvedb.io
CVE-2019-11037
MEDIUM · CVSS 4.9
EPSS exploitation probability: 0%
Published 2019-05-03T20:29:00.420 · Last modified 2026-06-17T02:12:10.610

Summary

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

Affected products

php — imagick

Does this affect you?

Add your gear to cvedb and we'll alert you only when php ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.