CVE-2019-11412
https://notcve.org/view.php?id=CVE-2019-11412
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. Se ha descubierto un problema en Artifex MuJS versión 1.0.5. jscompile.c puede causar una denegación de servicio (invalid stack-frame jump) porque carece de una llamada ENDTRY opcode. • http://www.ghostscript.com/cgi-bin/findgit.cgi?1e5479084bc9852854feb1ba9bf68b52cd127e02 http://www.securityfocus.com/bid/108093 https://bugs.ghostscript.com/show_bug.cgi?id=700947 https://github.com/ccxvii/mujs/commit/1e5479084bc9852854feb1ba9bf68b52cd127e02 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU https://lists.fedoraproject.org/archives/l • CWE-670: Always-Incorrect Control Flow Implementation •
CVE-2019-11411
https://notcve.org/view.php?id=CVE-2019-11411
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. Se ha descubierto un problema en Artifex MuJS versión 1.0.5. Las implementaciones Number#toFixed() y numtostr en jsnumber.c tienen un desbordamiento de búfer basado en pila. • http://www.ghostscript.com/cgi-bin/findgit.cgi?da632ca08f240590d2dec786722ed08486ce1be6 http://www.securityfocus.com/bid/108093 https://bugs.ghostscript.com/show_bug.cgi?id=700938 https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3RQXMWEOWCGLOLFBQSXBM3MBN33T4I5H https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/67PMOZV4DLVL2KGU2SV724QL7Y4PKWKU https://lists.fedoraproject.org/archives/l • CWE-787: Out-of-bounds Write •
CVE-2018-5759 – Artifex MuJS 1.0.2 - Integer Overflow
https://notcve.org/view.php?id=CVE-2018-5759
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. jsparse.c en Artifex MuJS hasta la versión 1.0.2 no mantiene adecuadamente la profundidad AST para expresiones binarias, lo que permite que atacantes remotos provoquen una denegación de servicio (recursión excesiva) mediante un archivo manipulado. Artifex MuJS suffers from a denial of service vulnerability. • https://www.exploit-db.com/exploits/43904 http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=4d45a96e57fbabf00a7378b337d0ddcace6f38c1 http://www.securityfocus.com/bid/102833 https://bugs.ghostscript.com/show_bug.cgi?id=698868 • CWE-674: Uncontrolled Recursion •
CVE-2018-6191 – Artifex MuJS 1.0.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-6191
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. La función js_strtod en jsdtoa.c en Artifex MuJS hasta la versión 1.0.2 tiene un desbordamiento de enteros debido a una validación incorrecta de exponente. Artifex MuJS version 1.0.2 suffers from an integer overflow vulnerability because of incorrect exponent validation. • https://www.exploit-db.com/exploits/43903 http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=25821e6d74fab5fcc200fe5e818362e03e114428 http://www.securityfocus.com/bid/102840 https://bugs.ghostscript.com/show_bug.cgi?id=698920 • CWE-190: Integer Overflow or Wraparound •
CVE-2016-9108
https://notcve.org/view.php?id=CVE-2016-9108
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Desbordamiento de entero en la función js_regcomp en regexp.c en Artifex Software, Inc. MuJS en versiones anteriores a commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e permite a atacantes provocar una denegación de servicio (caída de la aplicación) a través de una expresión regular manipulada. • http://www.openwall.com/lists/oss-security/2016/10/30/12 http://www.securityfocus.com/bid/96006 https://bugzilla.redhat.com/show_bug.cgi?id=1390266 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IMPCTUBV2UUTSKAGVAW3EL6HJJWHRZQZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WMI77FMFDWOTUUKKPTQLIB7JEXFTING4 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4FE2LXVJM5PXHUGSFOT2KTA75O5ACV4 • CWE-190: Integer Overflow or Wraparound •