CVE-2019-6116
published 2019-03-21CVE-2019-6116: In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EXPLOIT
In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | ghostscript | < 9.27 | 9.27 |
| artifex | ghostscript | <= 9.26 | — |
| artifex | ghostscript | >= 0 < 9.26a~dfsg-1 | 9.26a~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.27~dfsg-1 | 9.27~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.26a~dfsg-1 | 9.26a~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.27~dfsg-1 | 9.27~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.26a~dfsg-1 | 9.26a~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.27~dfsg-1 | 9.27~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.26a~dfsg-1 | 9.26a~dfsg-1 |
| artifex | ghostscript | >= 0 < 9.27~dfsg-1 | 9.27~dfsg-1 |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | ghostscript | < ghostscript 9.27~dfsg-1 (bookworm) | ghostscript 9.27~dfsg-1 (bookworm) |
| debian | ghostscript | < ghostscript 9.26a~dfsg-1 (bookworm) | ghostscript 9.26a~dfsg-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.8HIGH