Veracode Vulnerability DatabaseVERACODE:27555Arbitrary Code Execution
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
php-imagick is vulnerable to arbitrary code execution. Lack of boundary checks when writing to an array of values in ImagickKernel::fromMatrix() can potentially lead to out of bounds write to memory if the function is called with the data controlled by untrusted party.
| CPE | Name | Operator | Version |
|---|---|---|---|
| php-imagick:bionic | eq | 3.4.3~rc2-2ubuntu4 |
References
lists.opensuse.org/opensuse-security-announce/2020-01/msg00016.html
www.securityfocus.com/bid/108292
bugs.php.net/bug.php?id=77791
github.com/CVEProject/cvelist/pull/1964
lists.fedoraproject.org/archives/list/[email protected]/message/7MQ7WJA25YF2R2LRALK4QEYWUHHJPSUD/
lists.fedoraproject.org/archives/list/[email protected]/message/BU66V7QJKD32RXLY5J7Z5NZH4V3VV524/
lists.fedoraproject.org/archives/list/[email protected]/message/FME5ZG7DDYWUPPHTTAFJB5OFFCPXYHPS/
seclists.org/bugtraq/2019/Nov/39
security.gentoo.org/glsa/202003-38
usn.ubuntu.com/4586-1/
www.debian.org/security/2019/dsa-4576
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P