Heap-Based Buffer Overflow in MuJS by Artifex Software
CVE-2016-10133

9.8CRITICAL

Key Information:

Vendor
Artifex
Status
Mujs
Vendor
CVE Published:
24 March 2017

Summary

A heap-based buffer overflow vulnerability exists within the js_stackoverflow function in jsrun.c of MuJS by Artifex Software, Inc. This flaw allows attackers to exploit an issue that arises when extra arguments are unexpectedly dropped from lightweight function calls. As a result, this vulnerability may enable attackers to perform unintended operations within the application, potentially leading to arbitrary code execution or a disruption of service.

References

http://www.openwall.com/lists/oss-security/2017/01/13/1
mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2017/01/12/9
mailing-listx_refsource_MLIST

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.