CyberSec.Space Logo
Back to CVE Browser

CVE-2021-45005

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1850%
EPSS Percentile13.49th
PublishedFeb 14, 2022
Last ModifiedNov 21, 2024

Vulnerability Description

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.

Affected Platforms (CPE)

πŸ“¦
Artifex

Mujs

= 1.1.3

References & Advisories

πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=704749
πŸ”— https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66
πŸ”— https://bugs.ghostscript.com/show_bug.cgi?id=704749
πŸ”— https://github.com/ccxvii/mujs/commit/df8559e7bdbc6065276e786217eeee70f28fce66

Related Vulnerabilities

CVE-2021-3379610.0

In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.

CVE-2021-337979.8

Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floa...

CVE-2019-127989.8

An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to ...

CVE-2019-114119.8

An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based ...