Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
[
{
"vendor": "n/a",
"product": "mujs",
"versions": [
{
"version": "mujs in versions 1.0.1 to 1.1.1",
"status": "affected"
}
]
}
]