CVE-2022-44789

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*

History

29 Nov 2022, 04:15

Type Values Removed Values Added
References
  • (DEBIAN) https://www.debian.org/security/2022/dsa-5291 -

28 Nov 2022, 19:38

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CPE cpe:2.3:a:artifex:mujs:*:*:*:*:*:*:*:*
CWE CWE-119
First Time Artifex
Artifex mujs
References (CONFIRM) https://github.com/ccxvii/mujs/releases/tag/1.3.2 - (CONFIRM) https://github.com/ccxvii/mujs/releases/tag/1.3.2 - Release Notes, Third Party Advisory
References (MISC) https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt - (MISC) https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt - Patch, Third Party Advisory
References (MISC) https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f - (MISC) https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f - Patch, Third Party Advisory

24 Nov 2022, 16:15

Type Values Removed Values Added
Summary A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.1 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file. A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
References
  • (MISC) https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f -
  • (CONFIRM) https://github.com/ccxvii/mujs/releases/tag/1.3.2 -

23 Nov 2022, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-11-23 21:15

Updated : 2022-11-29 04:15


NVD link : CVE-2022-44789

Mitre link : CVE-2022-44789


JSON object : View

Products Affected

artifex

  • mujs
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer