Use-After-Free Vulnerability in Artifex MuJS by Artifex Software
CVE-2020-24343

7.8HIGH

Key Information:

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 13 August 2020

Summary

A use-after-free vulnerability exists in Artifex MuJS versions up to 1.0.7 due to improper memory management in jsrun.c, resulting from unconditional marking in jsgc.c. This flaw can lead to potential exploitation and the execution of arbitrary code if an attacker manipulates memory management operations.

References

https://github.com/ccxvii/mujs/issues/136

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 13, 2020
Vulnerability Reserved
Aug 13, 2020