CVE-2017-5627 — Integer Overflow or Wraparound in Mujs

CWE-190 — Integer Overflow or Wraparound6 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 47.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mujs

Timeline

PublishedJan 30

Latest updateMay 13

Description

An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a check for a negative array length. This leads to an integer overflow in the js_pushstring function in jsrun.c when parsing a specially crafted JS file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

▶NVDartifex/mujs< 2017-01-24

🔴Vulnerability Details

GHSA

GHSA-9949-26g4-c4fx: An issue was discovered in Artifex Software, Inc↗2022-05-13

▶

CVEList

CVE-2017-5627: An issue was discovered in Artifex Software, Inc↗2017-01-30

▶

📋Vendor Advisories

Debian

CVE-2017-5627: mujs - An issue was discovered in Artifex Software, Inc. MuJS before 4006739a28367c708d...↗2017

▶

💬Community

Bugzilla

CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 CVE-2017-5627 CVE-2017-5628 mujs: Multiple security issues [fedora-all]↗2017-01-13

▶

Bugzilla

CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 CVE-2017-5627 CVE-2017-5628 mujs: Multiple security issues↗2017-01-13

▶