CVE-2017-5628Integer Overflow or Wraparound in Mujs

CWE-190Integer Overflow or Wraparound6 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 62.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Artifex Mujs
Timeline
PublishedJan 30
Latest updateMay 13

Description

An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDartifex/mujs< 2017-01-24

🔴Vulnerability Details

2
GHSA
GHSA-3v2p-pv62-pg94: An issue was discovered in Artifex Software, Inc2022-05-13
CVEList
CVE-2017-5628: An issue was discovered in Artifex Software, Inc2017-01-30

📋Vendor Advisories

1
Debian
CVE-2017-5628: mujs - An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d...2017

💬Community

2
Bugzilla
CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 CVE-2017-5627 CVE-2017-5628 mujs: Multiple security issues [fedora-all]2017-01-13
Bugzilla
CVE-2016-10132 CVE-2016-10133 CVE-2016-10141 CVE-2017-5627 CVE-2017-5628 mujs: Multiple security issues2017-01-13
CVE-2017-5628 — Integer Overflow or Wraparound in Mujs | cvebase