CVE-2021-33797

9.8CRITICAL

Key Information

Vendor: Artifex
Status: Mujs
Vendor: CVE Published:; 17 April 2023

Summary

Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.

Affected Version(s)

mujs = mujs in versions 1.0.1 to 1.1.1

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 17, 2023
Vulnerability Reserved.
Jun 2, 2021

Collectors

NVD DatabaseMitre Database