Vulnerability in N/a
CVE-2019-6116
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
EPSS: 0.605 (98.3th percentile) — read the EPSS interpretation.
Affected products
- N/a — versions n/a
Public proof-of-concept exploits
References
- RHSA-2019:0229 (vendor-advisory, x_refsource_REDHAT)
- 106700 (vdb-entry, x_refsource_BID)
- USN-3866-1 (vendor-advisory, x_refsource_UBUNTU)
- 46242 (exploit, x_refsource_EXPLOIT-DB)
- [debian-lts-announce] 20190211 [SECURITY] [DLA 1670-1] ghostscript security update (mailing-list, x_refsource_MLIST)
- packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Ex… (x_refsource_MISC)
- DSA-4372 (vendor-advisory, x_refsource_DEBIAN)
- bugs.chromium.org/p/project-zero/issues/detail (x_refsource_MISC)
- lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html (x_refsource_CONFIRM)
- lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2019-6116?
- CVE-2019-6116 is a vulnerability in N/a. Published 2019-03-19.
- Is CVE-2019-6116 known to be exploited?
- 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.