Unrated severityNVD Advisory· Published Mar 19, 2019· Updated Aug 4, 2024

CVE-2019-6116

Description

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Affected products

Artifex/Ghostscriptinferred
Range: <=9.26
osv-coords37 versions
pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/ghostscript&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/ghostscript-mini&distro=openSUSE%20Leap%2015.0 pkg:rpm/suse/ghostscript&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/ghostscript&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/ghostscript&distro=SUSE%20OpenStack%20Cloud%207 pkg:rpm/suse/libspectre&distro=SUSE%20Enterprise%20Storage%204 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSS pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSS pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 pkg:rpm/suse/libspectre&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 pkg:rpm/suse/libspectre&distro=SUSE%20OpenStack%20Cloud%207
< 9.26a-lp150.2.12.1+ 36 more
- (no CPE)range: < 9.26a-lp150.2.12.1
- (no CPE)range: < 9.54.0-2.2
- (no CPE)range: < 9.26a-lp150.2.12.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-3.12.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 9.26a-23.19.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.8-3.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1
- (no CPE)range: < 0.2.7-12.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/46242/mitreexploitx_refsource_EXPLOIT-DB
access.redhat.com/errata/RHBA-2019:0327mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2019:0229mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/mitrevendor-advisoryx_refsource_FEDORA
security.gentoo.org/glsa/202004-03mitrevendor-advisoryx_refsource_GENTOO
usn.ubuntu.com/3866-1/mitrevendor-advisoryx_refsource_UBUNTU
www.debian.org/security/2019/dsa-4372mitrevendor-advisoryx_refsource_DEBIAN
lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.htmlmitrex_refsource_CONFIRM
lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.htmlmitrex_refsource_CONFIRM
packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.htmlmitrex_refsource_MISC
packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.htmlmitrex_refsource_MISC
www.openwall.com/lists/oss-security/2019/01/23/5mitremailing-listx_refsource_MLIST
www.openwall.com/lists/oss-security/2019/03/21/1mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/106700mitrevdb-entryx_refsource_BID
bugs.chromium.org/p/project-zero/issues/detailmitrex_refsource_MISC
bugs.ghostscript.com/show_bug.cgimitrex_refsource_CONFIRM
lists.debian.org/debian-lts-announce/2019/02/msg00016.htmlmitremailing-listx_refsource_MLIST
seclists.org/bugtraq/2019/Apr/4mitremailing-listx_refsource_BUGTRAQ

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.054
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000