CVE-2019-11413

7.5HIGH

Key Information

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 22 April 2019

Summary

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.

Refferences

https://bugs.ghostscript.com/show_bug.cgi?id=700937

x_refsource_MISC

http://www.ghostscript.com/cgi-bin/findgit.cgi?00d4606c3b...

x_refsource_MISC

https://github.com/ccxvii/mujs/commit/00d4606c3baf813b7b1...

x_refsource_MISC

http://www.securityfocus.com/bid/108093

vdb-entryx_refsource_BID

https://security.gentoo.org/glsa/202007-52

vendor-advisoryx_refsource_GENTOO

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisoryx_refsource_FEDORA

EPSS Score

1% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2019
Vulnerability Reserved
Apr 21, 2019

Collectors

NVD DatabaseMitre Database

.