Imagick PHP Imagick

stack.watch can email you when security vulnerabilities are reported in PHP Imagick. You can add multiple products that you use with Imagick to create your own personal software stack watcher.

By the Year

In 2021 there have been 0 vulnerabilities in PHP Imagick . Imagick did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2021 0 0.00
2020 0 0.00
2019 1 9.80
2018 0 0.00

It may take a day or so for new Imagick vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest PHP Imagick Security Vulnerabilities

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check

CVE-2019-11037 9.8 - Critical - May 03, 2019

In PHP imagick extension in versions between 3.3.0 and 3.4.4, writing to an array of values in ImagickKernel::fromMatrix() function did not check that the address will be within the allocated array. This could lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.

CVE-2019-11037 can be explotited with network access, and does not require authorization privledges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to be critical as this vulneraility has a high impact to the confidentiality, integrity and availability of this component.

Out-of-bounds Write