Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2018-6191Integer Overflow or Wraparound in Mujs

CWE-190Integer Overflow or Wraparound8 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
3.2%
top 12.95%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Artifex Mujs
Timeline
PublishedJan 24
Latest updateMay 14

Description

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

NVDartifex/mujs1.0.2

Patches

Patch: www.exploit-db.comPatch: www.exploit-db.com

🔴Vulnerability Details

2
GHSA
GHSA-rrxp-jc5m-rx5p: The js_strtod function in jsdtoa2022-05-14
CVEList
CVE-2018-6191: The js_strtod function in jsdtoa2018-01-24

💥Exploits & PoCs

1
Exploit-DB
Artifex MuJS 1.0.2 - Denial of Service2018-01-28

📋Vendor Advisories

1
Debian
CVE-2018-6191: mujs - The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer ...2018

💬Community

3
Bugzilla
CVE-2018-6191 mujs: Interger overflow in js_strtod function in jsdtoa.c [fedora-all]2018-01-29
Bugzilla
CVE-2018-6191 mupdf: Interger overflow in js_strtod function in jsdtoa.c [fedora-all]2018-01-29
Bugzilla
CVE-2018-6191 mujs: Interger overflow in js_strtod function in jsdtoa.c2018-01-29
CVE-2018-6191 — Integer Overflow or Wraparound in Mujs | cvebase