CVE-2022-30974Uncontrolled Recursion in Mujs

CWE-674Uncontrolled Recursion7 documents6 sources
Severity
5.5MEDIUMNVD
CNA7.5OSV9.8OSV7.5
EPSS
0.0%
top 86.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Artifex MujsDebian LinuxFedoraproject Fedora
Timeline
PublishedMay 18
Latest updateJun 18

Description

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianartifex/mujs< 1.1.0-1+deb11u2+3
Ubuntuartifex/mujs< 1.1.3-3ubuntu0.1~esm1
NVDartifex/mujs1.2.0

Also affects: Debian Linux 11.0, Fedora 37

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
mujs vulnerabilities2025-06-18
GHSA
GHSA-x9pv-h28p-55w8: compile in regexp2022-05-19
CVEList
CVE-2022-30974: compile in regexp2022-05-18
OSV
CVE-2022-30974: compile in regexp2022-05-18

📋Vendor Advisories

2
Ubuntu
MuJS vulnerabilities2025-06-18
Debian
CVE-2022-30974: mujs - compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption b...2022
CVE-2022-30974 — Uncontrolled Recursion in Artifex Mujs | cvebase