Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2023-2261
HistoryOct 22, 2023 - 5:23 a.m.

Advisory ROSA-SA-2023-2261

2023-10-2205:23:53
ROSA LAB
abf.rosalinux.ru
3
mujs
integer overflow
denial of service
code execution
javascript
remote code execution
memory corruption
artifex software inc.

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON

software: mujs 1.3.3
AXIS: ROSA-CHROME

package_evr_string: mujs-1.3.3.3-1.src.rpm

CVE-ID: CVE-2016-10141
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS to fa3d30fd18c348bb4b1f3858fb860f4f4fcd4b2045. The attack requires a regular expression with nested repetition. Successful exploitation of this problem can result in code execution or denial of service (buffer overflow).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs

CVE-ID: CVE-2016-9294
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Artifex Software, Inc. MuJS to 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-aware attackers to conduct denial-of-service (application failure) attacks using a mislabeled JavaScript break/continuation approach related to the “null pointer dereferencing” issue affecting the jscompile.c component.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs

CVE-ID: CVE-2017-5627
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Artifex Software, Inc. MuJS to 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a negative array length check. This causes integer overflow in the js_pushstring function in jsrun.c when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs

CVE-ID: CVE-2017-5628
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem was discovered in Artifex Software, Inc. MuJS to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not check the month, causing an integer overflow when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs

CVE-ID: CVE-2022-44789
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A logic issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0-1.3.x through 1.3.2 allows an attacker to achieve remote code execution via memory corruption by loading a crafted JavaScript file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchmujs< 1.3.3UNKNOWN

Related

openvas 10
nessus 10
fedora 9
veracode 1
nvd 5
prion 5
cvelist 5
seebug 1
alpinelinux 1
osv 2
cve 5
debiancve 5
githubexploit 1
ubuntucve 1
debian 1
gentoo 1
openvas
openvas
Fedora Update for mujs FEDORA-2017-624e2eeda0
2017-02-23 00:00:00
Fedora Update for mujs FEDORA-2017-dc6023e849
2017-02-23 00:00:00
Fedora: Security Advisory for mujs (FEDORA-2022-c4b56e4400)
2022-12-20 00:00:00
nessus
nessus
Fedora 25 : mujs (2017-dc6023e849)
2017-02-23 00:00:00
Fedora 24 : mujs (2017-624e2eeda0)
2017-02-23 00:00:00
openSUSE Security Update : mupdf (openSUSE-2017-271)
2017-02-21 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: mujs-0-8.20170124git4006739.fc24
2017-02-22 17:54:28
[SECURITY] Fedora 25 Update: mujs-0-8.20170124git4006739.fc25
2017-02-22 17:29:04
[SECURITY] Fedora 37 Update: mujs-1.3.2-1.fc37
2022-12-20 01:29:23
veracode
veracode
Remote Code Execution (RCE)
2022-12-05 18:09:51
nvd
nvd
CVE-2016-10141
2017-01-13 09:59:00
CVE-2022-44789
2022-11-23 21:15:11
CVE-2017-5628
2017-01-30 04:59:00
prion
prion
Memory corruption
2022-11-23 21:15:00
Integer overflow
2017-01-13 09:59:00
Integer overflow
2017-01-30 04:59:00
cvelist
cvelist
CVE-2022-44789
2022-11-23 00:00:00
CVE-2016-10141
2017-01-13 09:00:00
CVE-2017-5628
2017-01-30 04:24:00
seebug
seebug
Artifex Software MuJS integer overflow vulnerability (CVE-2016-10141)
2017-02-04 00:00:00
alpinelinux
alpinelinux
CVE-2022-44789
2022-11-23 21:15:00
osv
osv
CVE-2022-44789
2022-11-23 21:15:11
mujs - security update
2022-11-28 00:00:00
cve
cve
CVE-2022-44789
2022-11-23 21:15:11
CVE-2016-10141
2017-01-13 09:59:00
CVE-2017-5628
2017-01-30 04:59:00
debiancve
debiancve
CVE-2022-44789
2022-11-23 21:15:11
CVE-2016-10141
2017-01-13 09:59:00
CVE-2017-5628
2017-01-30 04:59:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Artifex Mujs
2022-11-22 23:11:08
ubuntucve
ubuntucve
CVE-2022-44789
2022-11-23 00:00:00
debian
debian
[SECURITY] [DSA 5291-1] mujs security update
2022-11-28 19:36:08
gentoo
gentoo
mujs: Multiple Vulnerabilities
2024-05-04 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.2%

JSON
Related for ROSA-SA-2023-2261
openvas10nessus10fedora9veracode1nvd5prion5cvelist5seebug1alpinelinux1osv2cve5debiancve5githubexploit1ubuntucve1debian1gentoo1