Regular Expression Overflow Vulnerability in Artifex MuJS by Artifex Software
CVE-2019-12798

9.8CRITICAL

Key Information:

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 13 June 2019

What is CVE-2019-12798?

An overflow vulnerability exists in Artifex MuJS 1.0.5 due to a failure to restrict the size of regular expression programs. This flaw allows attackers to craft a malicious input that could result in an excessive size of the parsed syntax list, potentially leading to a denial of service. Users of this scripting engine should assess their implementations and consider updating to mitigate the risks associated with this issue.

References

http://git.ghostscript.com/?p=mujs.git%3Bh=7f50591861525f...

x_refsource_MISC

http://www.securityfocus.com/bid/108774

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2019
Vulnerability Reserved
Jun 13, 2019