cbcvebase.

Artifex Mujs vulnerabilities

25 known vulnerabilities affecting artifex/mujs.

Total CVEs
25
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL7HIGH14MEDIUM4

Vulnerabilities

Page 2 of 2
CVE-2020-22886P4HIGHCVSS 7.5fixed in 1.0.82021-07-13
CVE-2020-22886 [HIGH] CWE-120 CVE-2020-22886: Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remo Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
nvdosv
CVE-2016-9294P4HIGHCVSS 7.5fixed in 2016-10-262016-11-12
CVE-2016-9294 [HIGH] CWE-476 CVE-2016-9294: Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.
nvd
CVE-2016-9108P4HIGHCVSS 7.5≤ 2016-10-312017-02-03
CVE-2016-9108 [HIGH] CWE-190 CVE-2016-9108: Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.
nvd
CVE-2022-30974P4MEDIUMCVSS 5.5≤ 1.2.02022-05-18
CVE-2022-30974 [MEDIUM] CVE-2022-30974: compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
nvdosv
CVE-2022-30975P4MEDIUMCVSS 5.5≤ 1.2.02022-05-18
CVE-2022-30975 [MEDIUM] CWE-476 CVE-2022-30975: In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonst In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
nvdosv
Artifex Mujs vulnerabilities | cvebase