CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.2%
software: mujs 1.3.3
AXIS: ROSA-CHROME
package_evr_string: mujs-1.3.3.3-1.src.rpm
CVE-ID: CVE-2016-10141
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. MuJS to fa3d30fd18c348bb4b1f3858fb860f4f4fcd4b2045. The attack requires a regular expression with nested repetition. Successful exploitation of this problem can result in code execution or denial of service (buffer overflow).
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2016-9294
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Artifex Software, Inc. MuJS to 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-aware attackers to conduct denial-of-service (application failure) attacks using a mislabeled JavaScript break/continuation approach related to the “null pointer dereferencing” issue affecting the jscompile.c component.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2017-5627
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem has been detected in Artifex Software, Inc. MuJS to 4006739a28367c708dea19aeb19b8a1a9326ce08. The jsR_setproperty function in jsrun.c lacks a negative array length check. This causes integer overflow in the js_pushstring function in jsrun.c when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2017-5628
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A problem was discovered in Artifex Software, Inc. MuJS to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not check the month, causing an integer overflow when analyzing a specially crafted JS file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVE-ID: CVE-2022-44789
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: A logic issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0-1.3.x through 1.3.2 allows an attacker to achieve remote code execution via memory corruption by loading a crafted JavaScript file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update mujs
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
87.2%