VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-ujha-1cjb-z7bk

Essentials
Severities (33)
References (31)
Severity details (4)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-ujha-1cjb-z7bk
Aliases	CVE-2019-3839
Summary	It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Status	Published
Exploitability	0.5
Weighted Severity	7.0
Risk	3.5
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-648

Incorrect Use of Privileged APIs

System	Score	Found at
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00071	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2019-3839
cvssv3	7.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2019-3839
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2019-3839

Reference id	Reference type	URL
		http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
		http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-3839
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3839
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
		https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
		https://seclists.org/bugtraq/2019/May/23
		https://www.debian.org/security/2019/dsa-4442
1673304		https://bugzilla.redhat.com/show_bug.cgi?id=1673304
cpe:2.3:a:artifex:ghostscript::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript::::::::
cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:::::::*
cpe:2.3:o:debian:debian_linux:8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
cpe:2.3:o:debian:debian_linux:9.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:::::::*
cpe:2.3:o:fedoraproject:fedora:29:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
cpe:2.3:o:fedoraproject:fedora:30:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
cpe:2.3:o:opensuse:leap:15.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:::::::*
cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:::::::*
CVE-2019-3839		https://nvd.nist.gov/vuln/detail/CVE-2019-3839
RHSA-2019:0971		https://access.redhat.com/errata/RHSA-2019:0971
RHSA-2019:1017		https://access.redhat.com/errata/RHSA-2019:1017
USN-3970-1		https://usn.ubuntu.com/3970-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3839

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3839

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.22405
EPSS Score	0.00071
Published At	Aug. 1, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:39:03.835097+00:00	Ubuntu USN Importer	Import	https://usn.ubuntu.com/3970-1/	37.0.0