CVE-2019-6116 | Vulnerability Database | Aqua Security

In Artifex Ghostscript through 9.26, ephemeral or transient procedures can allow access to system operators, leading to remote code execution.

Affected Software

Name	Vendor	Start Version	End Version
Ghostscript	Artifex	*	9.26 (including)

References

http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00047.html
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00048.html
http://packetstormsecurity.com/files/151307/Ghostscript-Pseudo-Operator-Remote-Code-Execution.html
http://packetstormsecurity.com/files/152367/Slackware-Security-Advisory-ghostscript-Updates.html
http://www.openwall.com/lists/oss-security/2019/01/23/5
http://www.openwall.com/lists/oss-security/2019/03/21/1
http://www.securityfocus.com/bid/106700
https://access.redhat.com/errata/RHBA-2019:0327
https://access.redhat.com/errata/RHSA-2019:0229
https://bugs.chromium.org/p/project-zero/issues/detail?id=1729
https://bugs.ghostscript.com/show_bug.cgi?id=700317
https://lists.debian.org/debian-lts-announce/2019/02/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7N6T5L3SSJX2AVUPHP7GCPATFWUPKZT2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MWVAVCDXBLPLJMVGNSKGGDTBEOHCJBKK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XVWXVKG72IGEJYHLWE6H3CGALHGFSGGY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://seclists.org/bugtraq/2019/Apr/4
https://security.gentoo.org/glsa/202004-03
https://usn.ubuntu.com/3866-1/
https://www.debian.org/security/2019/dsa-4372
https://www.exploit-db.com/exploits/46242/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2019-6116
CWE	https://cwe.mitre.org/data/definitions/.html