CVE-2019-6446
Description
NumPy before 1.16.3 allows arbitrary code execution via unsafe pickle deserialization in numpy.load, a disputed but exploitable behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
NumPy before version 1.16.3 uses the Python pickle module unsafely when deserializing objects through the numpy.load function. Since version 1.10.0 the allow_pickle parameter has defaulted to True, so serialized data is unpickled automatically. A remote attacker who can get a crafted pickle object loaded via numpy.load can therefore execute arbitrary code. Versions 1.10.0 through 1.16.2 are affected [3][4].
Exploitation
An attacker must get a specially crafted pickle file to the victim, for example via a network download, an email attachment, or other means. No authentication is required if the victim loads the malicious file directly. When the victim passes the crafted file to numpy.load, the pickle module deserializes the payload and executes the embedded Python code. The victim does not need to set allow_pickle=True explicitly, because it is the default [4].
Impact
Successful exploitation results in remote code execution in the context of the victim's Python interpreter. The attacker gains full control over confidentiality, integrity, and availability of the affected system, potentially leading to data theft, malware installation, or further compromise. This behavior is disputed by some parties who argue that loading pickled data from trusted sources is a legitimate use case; nonetheless, when an attacker can supply untrusted input, the impact is arbitrary code execution [3].
Mitigation
The vulnerability is fixed in NumPy version 1.16.3 (released 2019-03-16). Users should upgrade to this version or later. For older versions where an upgrade is not possible, pass allow_pickle=False on every call to numpy.load that handles untrusted data. Red Hat has issued updated packages (numpy-1.14.3-9.el8) that change the default to allow_pickle=False [1][2]. SUSE has also backported a similar change for affected SLE codestreams [4]. Nothing changes the default in unpatched versions; the explicit allow_pickle=False argument is the only protection there.
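The two paragraphs above (Vulnerability and Mitigation) turn on one fact: numpy.load only reaches pickle when the input is either not an .npy file at all (it is then handed straight to pickle.load) or is an .npy file whose dtype is an object dtype. The following check is an added example, not code from this page or from the NumPy project: it parses the .npy header with the standard library only and refuses anything that would need pickle, which is what a caller stuck on a version before 1.16.3 wants in front of numpy.load. The fixtures (a float array, an object array, a structured array with an object field, and a benign raw pickle) are constructed inline; build_npy is a minimal hand-written writer for the fixtures, not NumPy's own.

```python
import ast
import pickle
import struct

# .npy magic string from the NumPy file-format spec (NEP 1).
NPY_MAGIC = b"\x93NUMPY"


def build_npy(descr, shape, payload, fortran_order=False):
    """Build a minimal version-1.0 .npy byte string (fixture writer, not numpy's).

    Layout: magic, version bytes, little-endian uint16 HEADER_LEN, a Python dict
    literal padded with spaces so the data block starts on a 64-byte boundary,
    then the raw payload bytes.
    """
    header = "{'descr': %r, 'fortran_order': %r, 'shape': %r, }" % (
        descr, fortran_order, shape)
    prefix_len = len(NPY_MAGIC) + 2 + 2            # magic + version + HEADER_LEN field
    pad = 64 - ((prefix_len + len(header) + 1) % 64)
    header_bytes = (header + " " * pad + "\n").encode("latin1")
    return (NPY_MAGIC + b"\x01\x00" + struct.pack("<H", len(header_bytes))
            + header_bytes + payload)


def descr_uses_object(descr):
    """True if a dtype description contains an object ('O') field, i.e. needs pickle.

    descr is a type string such as '<f8' or '|O', or, for structured dtypes, a
    (possibly nested) list of (name, sub-descr[, shape]) tuples.
    """
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    if isinstance(descr, list):
        for field in descr:
            sub = field[1] if isinstance(field, tuple) else field
            if descr_uses_object(sub):
                return True
    return False


def parse_npy_header(data):
    """Parse an .npy header without numpy; returns ((major, minor), header dict).

    Raises ValueError for anything that is not a well-formed .npy header. Input
    that fails the magic check is exactly what numpy.load would pass to
    pickle.load when allow_pickle is True.
    """
    if not data.startswith(NPY_MAGIC):
        raise ValueError("missing .npy magic: not an array file")
    if len(data) < 12:
        raise ValueError("truncated .npy header")
    major, minor = data[6], data[7]
    if major == 1:
        (hlen,) = struct.unpack("<H", data[8:10])
        start = 10
    elif major in (2, 3):
        (hlen,) = struct.unpack("<I", data[8:12])
        start = 12
    else:
        raise ValueError(f"unsupported .npy format version {major}.{minor}")
    raw = data[start:start + hlen]
    if len(raw) != hlen:
        raise ValueError("truncated .npy header")
    # The header is a Python dict literal; literal_eval parses it without running code.
    header = ast.literal_eval(raw.decode("utf-8" if major == 3 else "latin1").strip())
    if not isinstance(header, dict) or set(header) != {"descr", "fortran_order", "shape"}:
        raise ValueError("malformed .npy header dict")
    return (major, minor), header


def safe_to_load(data):
    """Return (ok, reason); ok is False whenever numpy.load would need pickle."""
    try:
        _, header = parse_npy_header(data)
    except ValueError as exc:
        return False, str(exc)
    if descr_uses_object(header["descr"]):
        return False, f"object dtype {header['descr']!r} is stored as a pickle"
    return True, f"plain dtype {header['descr']!r}, no pickle involved"


# Constructed fixtures. The pickles are benign stand-ins for the object payload.
FLOAT_NPY = build_npy("<f8", (3,), struct.pack("<3d", 1.0, 2.0, 3.0))
OBJECT_NPY = build_npy("|O", (2,), pickle.dumps(["a", "b"]))
STRUCT_NPY = build_npy([("id", "<i4"), ("meta", "|O")], (1,), pickle.dumps([(1, {})]))
RAW_PICKLE = pickle.dumps({"not": "an array"})     # no magic: goes straight to pickle.load

if __name__ == "__main__":
    for name, blob in [("float", FLOAT_NPY), ("object", OBJECT_NPY),
                       ("structured", STRUCT_NPY), ("raw pickle", RAW_PICKLE)]:
        ok, why = safe_to_load(blob)
        print(f"{name:11s} -> {'load' if ok else 'REJECT'}: {why}")
```

In practice the first few hundred bytes of the file are enough for safe_to_load; call it before numpy.load(path, allow_pickle=False). On 1.16.3 and later allow_pickle=False already makes numpy.load raise ValueError for object arrays, so the pre-check mainly matters for unpatched versions and for rejecting non-.npy input early. The check covers .npy only; an .npz archive is a zip whose members would each need the same inspection.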
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| numpy (PyPI) | <= 1.16.0 | — |
Affected products
55 package versions (GHSA coordinates); no CPE is recorded for any of them.

| Package URL | Affected range |
|---|---|
| pkg:pypi/numpy | <= 1.16.0 |
| pkg:rpm/almalinux/python2-attrs | < 17.4.0-10.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-chardet | < 3.0.4-10.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-coverage | < 4.5.1-4.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-Cython | < 0.28.1-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-dns | < 1.15.0-10.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-docs | < 2.7.16-2.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-docs-info | < 2.7.16-2.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-docutils | < 0.14-12.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-funcsigs | < 1.0.2-13.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-idna | < 2.5-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-ipaddress | < 1.0.18-6.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-markupsafe | < 0.23-19.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-mock | < 2.0.0-13.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pluggy | < 0.6.0-8.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-psycopg2 | < 2.7.5-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-psycopg2-debug | < 2.7.5-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-psycopg2-tests | < 2.7.5-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-py | < 1.5.3-6.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-PyMySQL | < 0.8.0-10.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pysocks | < 1.6.8-6.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pytest | < 3.4.2-13.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pytest-mock | < 1.9.0-4.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pytz | < 2017.2-12.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-pyyaml | < 3.12-16.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-rpm-macros | < 3-38.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python2-setuptools_scm | < 1.15.7-6.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/almalinux/python-psycopg2-doc | < 2.7.5-7.module_el8.6.0+2781+fed64c13 |
| pkg:rpm/opensuse/python-numpy_1_16_1-gnu-hpc&distro=openSUSE%20Leap%2015.0 | < 1.16.1-lp150.8.1 |
| pkg:rpm/opensuse/python-numpy_1_16_1-gnu-hpc&distro=openSUSE%20Leap%2015.1 | < 1.16.1-lp151.5.3.1 |
| pkg:rpm/opensuse/python-numpy1&distro=openSUSE%20Tumbleweed | < 1.26.4-1.1 |
| pkg:rpm/opensuse/python-numpy&distro=openSUSE%20Leap%2015.0 | < 1.16.1-lp150.8.1 |
| pkg:rpm/opensuse/python-numpy&distro=openSUSE%20Leap%2015.1 | < 1.16.1-lp151.5.3.1 |
| pkg:rpm/opensuse/python-numpy&distro=openSUSE%20Tumbleweed | < 1.21.2-1.1 |
| pkg:rpm/suse/python-numpy_1_13_3-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2012 | < 1.13.3-4.9.1 |
| pkg:rpm/suse/python-numpy_1_14_0-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 | < 1.14.0-4.5.1 |
| pkg:rpm/suse/python-numpy_1_16_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015 | < 1.16.1-4.8.1 |
| pkg:rpm/suse/python-numpy_1_16_1-gnu-hpc&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP1 | < 1.16.1-4.8.1 |
| pkg:rpm/suse/python-numpy_1_16_1-gnu-hpc&distro=SUSE%20Package%20Hub%2015%20SP1 | < 1.16.1-bp151.2.3.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015 | < 1.14.0-4.5.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1 | < 1.16.1-4.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP1 | < 1.16.1-4.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3 | < 1.3.0-1.3.3.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4 | < 1.8.0-6.4.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4 | < 1.8.0-6.4.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4 | < 1.8.0-6.4.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4 | < 1.8.0-5.8.1 |
| pkg:rpm/suse/python-numpy&distro=SUSE%20Package%20Hub%2015%20SP1 | < 1.16.1-bp151.2.3.1 |
Patches
- 89b688732b37
- 8f31f95910d2
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html (ghsa; vendor-advisory; WEB)
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html (ghsa; vendor-advisory; WEB)
- lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html (ghsa; vendor-advisory; WEB)
- access.redhat.com/errata/RHSA-2019:3335 (ghsa; vendor-advisory; WEB)
- access.redhat.com/errata/RHSA-2019:3704 (ghsa; vendor-advisory; WEB)
- github.com/advisories/GHSA-9fq2-x9r6-wfmf (ghsa; ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/ (mitre; vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2019-6446 (ghsa; ADVISORY)
- www.securityfocus.com/bid/106670 (mitre; vdb-entry)
- bugzilla.suse.com/show_bug.cgi (ghsa; WEB)
- github.com/numpy/numpy/issues/12759 (ghsa; WEB)
- github.com/numpy/numpy/pull/12889 (ghsa; WEB)
- github.com/pypa/advisory-database/tree/main/vulns/numpy/PYSEC-2019-108.yaml (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4 (ghsa; WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4 (ghsa; WEB)
- web.archive.org/web/20210124234613/https://www.securityfocus.com/bid/106670 (ghsa; WEB)
- github.com/numpy/numpy/commit/89b688732b37616c9d26623f81aaee1703c30ffb (mitre)
- github.com/numpy/numpy/pull/13359 (mitre)
News mentions
No linked articles in our index yet.