CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
44.5%
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An
integer overflow happens when js_strtod() reads in floating point exponent,
which leads to a buffer overflow in the pointer *d.
github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550
github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 (1.1.2)
github.com/ccxvii/mujs/issues/148
launchpad.net/bugs/cve/CVE-2021-33797
nvd.nist.gov/vuln/detail/CVE-2021-33797
security-tracker.debian.org/tracker/CVE-2021-33797
www.cve.org/CVERecord?id=CVE-2021-33797