CVE-2016-9108 โ€” Integer Overflow or Wraparound in Mujs

CWE-190 โ€” Integer Overflow or Wraparound7 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Artifex MujsFedoraproject Fedora
Timeline
PublishedFeb 3
Latest updateMay 13

Description

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

โ–ถNVDartifex/mujs2016-10-31

Also affects: Fedora 23, 24, 25

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-gw5r-44xc-8j82: Integer overflow in the js_regcomp function in regexpโ†—2022-05-13
โ–ถ
OSV
CVE-2016-9108: Integer overflow in the js_regcomp function in regexpโ†—2017-02-03
โ–ถ
CVEList
CVE-2016-9108: Integer overflow in the js_regcomp function in regexpโ†—2017-02-03
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Debian
CVE-2016-9108: mujs - Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc...โ†—2016
โ–ถ

๐Ÿ’ฌCommunity

2
Bugzilla
CVE-2016-7504 CVE-2016-7505 CVE-2016-7506 CVE-2016-9017 CVE-2016-9108 CVE-2016-9109 mujs: Multiple security issuesโ†—2016-10-31
โ–ถ
Bugzilla
CVE-2016-7504 CVE-2016-7505 CVE-2016-7506 CVE-2016-9017 CVE-2016-9108 CVE-2016-9109 CVE-2016-9294 mujs: various flaws [fedora-all]โ†—2016-10-31
โ–ถ
CVE-2016-9108 โ€” Integer Overflow or Wraparound in Mujs | cvebase