Ccxvii
Products
1- 9 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7564 | Hig | 0.49 | 7.5 | 0.02 | Jan 18, 2017 | Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input. | ||
| CVE-2016-7563 | Hig | 0.49 | 7.5 | 0.01 | Jan 18, 2017 | The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input. | ||
| CVE-2016-9136 | Hig | 0.49 | 7.5 | 0.01 | Nov 3, 2016 | Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue. | ||
| CVE-2018-6191 | Med | 0.39 | 5.5 | 0.05 | Jan 24, 2018 | The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation. | ||
| CVE-2018-5759 | Med | 0.39 | 5.5 | 0.05 | Jan 24, 2018 | jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file. | ||
| CVE-2021-33797 | Cri | 0.00 | 9.8 | 0.01 | Apr 17, 2023 | Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d. | ||
| CVE-2019-11413 | Hig | 0.00 | 7.5 | 0.02 | Apr 22, 2019 | An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check. | ||
| CVE-2019-11412 | Hig | 0.00 | 7.5 | 0.02 | Apr 22, 2019 | An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call. | ||
| CVE-2019-11411 | Cri | 0.00 | 9.8 | 0.03 | Apr 22, 2019 | An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow. |
- risk 0.49cvss 7.5epss 0.02
Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to cause a denial of service (crash) via crafted input.
- risk 0.49cvss 7.5epss 0.01
The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via a * (asterisk) at the end of the input.
- risk 0.49cvss 7.5epss 0.01
Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a "Buffer Over-read" issue.
- risk 0.39cvss 5.5epss 0.05
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
- risk 0.39cvss 5.5epss 0.05
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
- risk 0.00cvss 9.8epss 0.01
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
- risk 0.00cvss 7.5epss 0.02
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.
- risk 0.00cvss 7.5epss 0.02
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
- risk 0.00cvss 9.8epss 0.03
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.