Artifex Mujs vulnerabilities
25 known vulnerabilities affecting artifex/mujs.
Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH14MEDIUM4
Vulnerabilities
Page 2 of 2
CVE-2020-22886P4HIGHCVSS 7.5fixed in 1.0.82021-07-13
CVE-2020-22886 [HIGH] CWE-120 CVE-2020-22886: Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remo
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
nvdosv
CVE-2016-9294P4HIGHCVSS 7.5fixed in 2016-10-262016-11-12
CVE-2016-9294 [HIGH] CWE-476 CVE-2016-9294: Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.
nvd
CVE-2016-9108P4HIGHCVSS 7.5≤ 2016-10-312017-02-03
CVE-2016-9108 [HIGH] CWE-190 CVE-2016-9108: Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit
Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
nvd
CVE-2022-30974P4MEDIUMCVSS 5.5≤ 1.2.02022-05-18
CVE-2022-30974 [MEDIUM] CVE-2022-30974: compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
nvdosv
CVE-2022-30975P4MEDIUMCVSS 5.5≤ 1.2.02022-05-18
CVE-2022-30975 [MEDIUM] CWE-476 CVE-2022-30975: In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonst
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
nvdosv
← Previous2 / 2