{"id":"CVE-2019-16941","details":"NSA Ghidra through 9.0.4, when experimental mode is enabled, allows arbitrary code execution if the Read XML Files feature of Bit Patterns Explorer is used with a modified XML document. This occurs in Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java. An attack could start with an XML document that was originally created by DumpFunctionPatternInfoScript but then directly modified by an attacker (for example, to make a java.lang.Runtime.exec call).","modified":"2026-04-10T04:15:15.844625Z","published":"2019-09-28T16:15:09.997Z","references":[{"type":"WEB","url":"https://twitter.com/NSAGov/status/1178812792159248385"},{"type":"ADVISORY","url":"https://www.symantec.com/security-center/vulnerabilities/writeup/110223?om_rssid=sr-advisories"},{"type":"ADVISORY","url":"https://github.com/NationalSecurityAgency/ghidra/blob/79d8f164f8bb8b15cfb60c5d4faeb8e1c25d15ca/Ghidra/Features/BytePatterns/src/main/java/ghidra/bitpatterns/info/FileBitPatternInfoReader.java#L187-L188"},{"type":"FIX","url":"https://github.com/NationalSecurityAgency/ghidra/commit/a17728f8c12effa171b17a25ccfb7e7d9528c5d0"},{"type":"FIX","url":"https://github.com/NationalSecurityAgency/ghidra/issues/1090"},{"type":"PACKAGE","url":"https://github.com/purpleracc00n/CVE-2019-16941"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nationalsecurityagency/ghidra","events":[{"introduced":"0"},{"last_affected":"6b4d64a2ac07f154bf1fca307ad99aaa522d41e4"},{"fixed":"a17728f8c12effa171b17a25ccfb7e7d9528c5d0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"9.0.4"}]}}],"versions":["Ghidra_9.0.1_build","Ghidra_9.0.3_build","Ghidra_9.0.4_build"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16941.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}