Integer Overflow Vulnerability in MuJS JavaScript Engine by Artifex Software
CVE-2017-5628

7.8HIGH

Key Information:

Vendor

Artifex
Status
Mujs
Vendor
CVE Published:
30 January 2017

What is CVE-2017-5628?

An integer overflow vulnerability exists in the MakeDay function of the MuJS JavaScript engine that fails to properly validate the month when parsing specially crafted JavaScript files. This flaw can be exploited to trigger unintended behaviors or application crashes, potentially allowing an attacker to execute arbitrary code or disrupt service. Developers using MuJS should update to the latest version to mitigate this security risk.

References

http://git.ghostscript.com/?p=mujs.git%3Bh=8f62ea10a0af68...
x_refsource_CONFIRM
https://bugs.ghostscript.com/show_bug.cgi?id=697496
x_refsource_CONFIRM
http://www.securityfocus.com/bid/95855
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2017-5628 : Integer Overflow Vulnerability in MuJS JavaScript Engine by Artifex Software