CVE-2019-11413 — Uncontrolled Recursion in Mujs

CWE-674 — Uncontrolled Recursion12 documents6 sources

Severity

7.5HIGHNVD

NVD5.5

EPSS

0.8%

top 25.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Artifex Mujs Debian Linux Fedoraproject Fedora

Timeline

PublishedApr 22

Latest updateMay 24

Description

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶Debianartifex/mujs< 1.1.0-1+deb11u2+3

▶NVDartifex/mujs1.2.0+1

Also affects: Debian Linux 11.0, Fedora 37

Patches

Patch: www.ghostscript.com ↗Patch: github.com ↗Patch: www.ghostscript.com ↗

🔴Vulnerability Details

GHSA

GHSA-cmr2-gmfq-rgq8: An issue was discovered in Artifex MuJS 1↗2022-05-24

▶

GHSA

GHSA-x9pv-h28p-55w8: compile in regexp↗2022-05-19

▶

CVEList

CVE-2022-30974: compile in regexp↗2022-05-18

▶

OSV

CVE-2022-30974: compile in regexp↗2022-05-18

▶

CVEList

CVE-2019-11413: An issue was discovered in Artifex MuJS 1↗2019-04-21

▶

📋Vendor Advisories

Debian

CVE-2022-30974: mujs - compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption b...↗2022

▶

Debian

CVE-2019-11413: mujs - An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion becaus...↗2019

▶

💬Community

Bugzilla

CVE-2019-11413 mujs: DoS in regexp.c [epel-8]↗2020-08-27

▶

Bugzilla

CVE-2019-11413 mujs: DoS in regexp.c [fedora-all]↗2020-08-27

▶

Bugzilla

CVE-2019-11413 mujs: DoS in regexp.c↗2020-08-27

▶