Search for vulnerabilities
Vulnerability details: VCID-ujha-1cjb-z7bk
Vulnerability ID VCID-ujha-1cjb-z7bk
Aliases CVE-2019-3839
Summary It was found that in ghostscript some privileged operators remained accessible from various places after the CVE-2019-6116 fix. A specially crafted PostScript file could use this flaw in order to, for example, have access to the file system outside of the constrains imposed by -dSAFER. Ghostscript versions before 9.27 are vulnerable.
Status Published
Exploitability 0.5
Weighted Severity 7.0
Risk 3.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-648 Incorrect Use of Privileged APIs
System Score Found at
cvssv3 7.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
epss 0.00132 https://api.first.org/data/v1/epss?cve=CVE-2019-3839
cvssv3 7.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 6.8 https://nvd.nist.gov/vuln/detail/CVE-2019-3839
cvssv3.1 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-3839
Reference id Reference type URL
http://git.ghostscript.com/?p=ghostpdl.git%3Ba=commitdiff%3Bh=4ec9ca74bed49f2a82acb4bf430eae0d8b3b75c9
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00088.html
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00090.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json
https://api.first.org/data/v1/epss?cve=CVE-2019-3839
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3839
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2019/05/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6AATIHU32MYKUOXQDJQU4X4DDVL7NAY3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP34D27RKYV2POJ3NJLSVCHUA5V5C45A/
https://seclists.org/bugtraq/2019/May/23
https://www.debian.org/security/2019/dsa-4442
1673304 https://bugzilla.redhat.com/show_bug.cgi?id=1673304
cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
CVE-2019-3839 https://nvd.nist.gov/vuln/detail/CVE-2019-3839
RHSA-2019:0971 https://access.redhat.com/errata/RHSA-2019:0971
RHSA-2019:1017 https://access.redhat.com/errata/RHSA-2019:1017
USN-3970-1 https://usn.ubuntu.com/3970-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3839.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3839
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-3839
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.22405
EPSS Score 0.00071
Published At Aug. 1, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:39:03.835097+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/3970-1/ 37.0.0