Artifex Mujs
By the Year
In 2023 there have been 2 vulnerabilities in Artifex Mujs with an average score of 8.7 out of ten. Last year Mujs had 4 security vulnerabilities published. Right now, Mujs is on track to have less security vulnerabilities in 2023 than it did last year. However, the average CVE base score of the vulnerabilities in 2023 is greater by 1.25.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 2 | 8.65 |
| 2022 | 4 | 7.40 |
| 2021 | 2 | 7.50 |
| 2020 | 1 | 7.80 |
| 2019 | 4 | 8.65 |
| 2018 | 2 | 5.50 |
It may take a day or so for new Mujs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Artifex Mujs Security Vulnerabilities
In MuJS before version 1.1.2
CVE-2021-33796
7.5 - High
- July 07, 2023
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
Dangling pointer
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1
CVE-2021-33797
9.8 - Critical
- April 17, 2023
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
Integer Overflow or Wraparound
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2
CVE-2022-44789
8.8 - High
- November 23, 2022
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
Memory Corruption
In Artifex MuJS through 1.2.0
CVE-2022-30975
5.5 - Medium
- May 18, 2022
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
NULL Pointer Dereference
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption
CVE-2022-30974
5.5 - Medium
- May 18, 2022
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
Stack Exhaustion
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow
CVE-2021-45005
9.8 - Critical
- February 14, 2022
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.
Memory Corruption
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8
CVE-2020-22886
7.5 - High
- July 13, 2021
Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.
Classic Buffer Overflow
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase
CVE-2020-22885
7.5 - High
- July 13, 2021
Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.
Classic Buffer Overflow
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c
CVE-2020-24343
7.8 - High
- August 13, 2020
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
Dangling pointer
An issue was discovered in Artifex MuJS 1.0.5
CVE-2019-12798
9.8 - Critical
- June 13, 2019
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.
Incorrect Regular Expression
An issue was discovered in Artifex MuJS 1.0.5
CVE-2019-11411
9.8 - Critical
- April 22, 2019
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.
Memory Corruption
An issue was discovered in Artifex MuJS 1.0.5
CVE-2019-11412
7.5 - High
- April 22, 2019
An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.
Always-Incorrect Control Flow Implementation
An issue was discovered in Artifex MuJS 1.0.5
CVE-2019-11413
7.5 - High
- April 22, 2019
An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.
Stack Exhaustion
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which
CVE-2018-5759
5.5 - Medium
- January 24, 2018
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
Stack Exhaustion
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow
CVE-2018-6191
5.5 - Medium
- January 24, 2018
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Artifex Mujs or by Artifex? Click the Watch button to subscribe.
