9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%
software: mujs 1.3.3
AXIS: ROSA-CHROME
package_evr_string: mujs-1.3.3.3-1.src.rpm
CVE-ID: CVE-2016-10141
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS to fa3d30fd18c348bb4b1f3858fb860f4f4fcd4b2045. The attack requires a regular expression with nested repetition. Successful exploitation of this problem can result in code execution or denial of service (buffer overflow).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2016-9294
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Artifex Software, Inc. MuJS to 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-aware attackers to conduct denial-of-service (application failure) attacks using a mislabeled JavaScript break/continuation approach related to the “null pointer dereferencing” issue affecting the jscompile.c component.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2017-5627
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Artifex Software, Inc. MuJS to 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a negative array length check. This causes integer overflow in the js_pushstring function in jsrun.c when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2017-5628
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem was discovered in Artifex Software, Inc. MuJS to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not check the month, causing an integer overflow when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2022-44789
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A logic issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0-1.3.x through 1.3.2 allows an attacker to achieve remote code execution via memory corruption by loading a crafted JavaScript file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.011 Low
EPSS
Percentile
84.2%