CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 1CVE-2022-44789
https://notcve.org/view.php?id=CVE-2022-44789
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. Un problema lógico en O_getOwnPropertyDescriptor() en Artifex MuJS 1.0.0 hasta 1.3.x anterior a 1.3.2 permite a un atacante lograr la ejecución remota de código a través de la corrupción de la memoria, mediante la carga de un archivo JavaScript manipulado. • https://github.com/alalng/CVE-2022-44789 https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f https://github.com/ccxvii/mujs/releases/tag/1.3.2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-30975
https://notcve.org/view.php?id=CVE-2022-30975
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp. En Artifex MuJS versiones hasta 1.2.0, jsP_dumpsyntax en el archivo jsdump.c presenta una desreferencia de puntero NULL, como ha demostrado mujs-pp • https://github.com/ccxvii/mujs/issues/161 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2022-30974
https://notcve.org/view.php?id=CVE-2022-30974
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. Una compilación en el archivo regexp.c en Artifex MuJS versiones hasta 1.2.0, resulta en un consumo de la pila debido a una recursión ilimitada, un problema diferente a CVE-2019-11413 • https://github.com/ccxvii/mujs/issues/162 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO https://www.debian.org/security/2022/dsa-5291 • CWE-674: Uncontrolled Recursion •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-45005
https://notcve.org/view.php?id=CVE-2021-45005
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements. Se ha detectado que Artifex MuJS versión v1.1.3, contiene un desbordamiento del búfer de la pila que es causado por el conflicto de JumpList de declaraciones try/finally anidadas • https://bugs.ghostscript.com/show_bug.cgi?id=704749 https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2016-9108
https://notcve.org/view.php?id=CVE-2016-9108
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular manipulada. • http://www.openwall.com/lists/oss-security/2016/10/30/12 http://www.securityfocus.com/bid/96006 https://bugzilla.redhat.com/show_bug.cgi?id=1390266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4 • CWE-190: Integer Overflow or Wraparound •