CVE-2019-11412 — Always-Incorrect Control Flow Implementation in Mujs

CWE-670 — Always-Incorrect Control Flow Implementation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.7%

top 17.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mujs Fedoraproject Fedora

Timeline

PublishedApr 22

Latest updateMay 24

Description

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDartifex/mujs1.0.5

Also affects: Fedora 31, 32, 33

Patches

Patch: www.ghostscript.com ↗Patch: github.com ↗Patch: www.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-p87v-9j2v-6w24: An issue was discovered in Artifex MuJS 1↗2022-05-24

▶

CVEList

CVE-2019-11412: An issue was discovered in Artifex MuJS 1↗2019-04-21

▶

📋Vendor Advisories

Debian

CVE-2019-11412: mujs - An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of...↗2019

▶

💬Community

Bugzilla

CVE-2019-11412 mujs: DoS in jscompile.c [fedora-all]↗2020-08-27

▶

Bugzilla

CVE-2019-11412 mujs: DoS in jscompile.c↗2020-08-27

▶

Bugzilla

CVE-2019-11412 mujs: DoS in jscompile.c [epel-8]↗2020-08-27

▶