Buffer Overflow in MuJS Affects Artifex Software
CVE-2021-33797

9.8CRITICAL

Key Information:

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 17 April 2023

Summary

A buffer overflow vulnerability exists in the Artifex MuJS JavaScript interpreter, specifically in the jsdtoa.c file. This issue arises due to an integer overflow during the processing of floating point exponents by the js_strtod() function. When values exceed expected limits, it can lead to a buffer overflow, posing potential risks to the stability and security of applications utilizing affected versions. Users are urged to upgrade to patched versions to mitigate these risks.

Affected Version(s)

mujs mujs in versions 1.0.1 to 1.1.1

References

https://github.com/ccxvii/mujs/issues/148

https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a6...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 17, 2023
Vulnerability Reserved
Jun 2, 2021