CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33796
https://notcve.org/view.php?id=CVE-2021-33796
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. • https://github.com/ccxvii/mujs/commit/7ef066a3bb95bf83e7c5be50d859e62e58fe8515 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33797
https://notcve.org/view.php?id=CVE-2021-33797
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d. • https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 https://github.com/ccxvii/mujs/issues/148 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2022-44789
https://notcve.org/view.php?id=CVE-2022-44789
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. Un problema lógico en O_getOwnPropertyDescriptor() en Artifex MuJS 1.0.0 hasta 1.3.x anterior a 1.3.2 permite a un atacante lograr la ejecución remota de código a través de la corrupción de la memoria, mediante la carga de un archivo JavaScript manipulado. • https://github.com/alalng/CVE-2022-44789 https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f https://github.com/ccxvii/mujs/releases/tag/1.3.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-30974
https://notcve.org/view.php?id=CVE-2022-30974
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Una compilación en el archivo regexp.c en Artifex MuJS versiones hasta 1.2.0, resulta en un consumo de la pila debido a una recursión ilimitada, un problema diferente a CVE-2019-11413 • https://github.com/ccxvii/mujs/issues/162 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-30975
https://notcve.org/view.php?id=CVE-2022-30975
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. En Artifex MuJS versiones hasta 1.2.0, jsP_dumpsyntax en el archivo jsdump.c presenta una desreferencia de puntero NULL, como ha demostrado mujs-pp • https://github.com/ccxvii/mujs/issues/161 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-476: NULL Pointer Dereference •