CVE-2022-30975NULL Pointer Dereference in Mujs

CWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUMNVD
OSV9.8
EPSS
0.1%
top 73.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Artifex MujsDebian LinuxFedoraproject Fedora
Timeline
PublishedMay 18
Latest updateJun 18

Description

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

Debianartifex/mujs< 1.1.0-1+deb11u2+3
Ubuntuartifex/mujs< 1.1.3-3ubuntu0.1~esm1
NVDartifex/mujs1.2.0

Also affects: Debian Linux 11.0, Fedora 37

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
OSV
mujs vulnerabilities2025-06-18
GHSA
GHSA-cwrv-3m9h-vr76: In Artifex MuJS through 12022-05-19
CVEList
CVE-2022-30975: In Artifex MuJS through 12022-05-18
OSV
CVE-2022-30975: In Artifex MuJS through 12022-05-18

📋Vendor Advisories

2
Ubuntu
MuJS vulnerabilities2025-06-18
Debian
CVE-2022-30975: mujs - In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer der...2022
CVE-2022-30975 — NULL Pointer Dereference in Mujs | cvebase