Artifex Mujs

Do you want an email whenever new security vulnerabilities are reported in Artifex Mujs?

By the Year

In 2023 there have been 0 vulnerabilities in Artifex Mujs . Last year Mujs had 4 security vulnerabilities published. Right now, Mujs is on track to have less security vulnerabilities in 2023 than it did last year.

Year	Vulnerabilities	Average Score
2023	0	0.00
2022	4	7.40
2021	2	7.50
2020	1	7.80
2019	4	8.65
2018	2	5.50

It may take a day or so for new Mujs vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Artifex Mujs Security Vulnerabilities

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2

CVE-2022-44789 8.8 - High - November 23, 2022

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Buffer Overflow

In Artifex MuJS through 1.2.0

CVE-2022-30975 5.5 - Medium - May 18, 2022

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.

NULL Pointer Dereference

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption

CVE-2022-30974 5.5 - Medium - May 18, 2022

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.

Stack Exhaustion

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow

CVE-2021-45005 9.8 - Critical - February 14, 2022

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.

Memory Corruption

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8

CVE-2020-22886 7.5 - High - July 13, 2021

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service.

Classic Buffer Overflow

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase

CVE-2020-22885 7.5 - High - July 13, 2021

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service.

Classic Buffer Overflow

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c

CVE-2020-24343 7.8 - High - August 13, 2020

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.

Dangling pointer

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-12798 9.8 - Critical - June 13, 2019

An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.

Incorrect Regular Expression

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11411 9.8 - Critical - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.

Memory Corruption

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11412 7.5 - High - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5. jscompile.c can cause a denial of service (invalid stack-frame jump) because it lacks an ENDTRY opcode call.

Always-Incorrect Control Flow Implementation

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11413 7.5 - High - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5. It has unlimited recursion because the match function in regexp.c lacks a depth check.

Stack Exhaustion

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which

CVE-2018-5759 5.5 - Medium - January 24, 2018

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.

Stack Exhaustion

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow

CVE-2018-6191 5.5 - Medium - January 24, 2018

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.

Integer Overflow or Wraparound

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Artifex Mujs or by Artifex? Click the Watch button to subscribe.

Artifex
Vendor

Artifex Mujs
Product

Artifex Mujs

By the Year

Recent Artifex Mujs Security Vulnerabilities

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 CVE-2022-44789 8.8 - High - November 23, 2022

In Artifex MuJS through 1.2.0 CVE-2022-30975 5.5 - Medium - May 18, 2022

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption CVE-2022-30974 5.5 - Medium - May 18, 2022

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow CVE-2021-45005 9.8 - Critical - February 14, 2022

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8 CVE-2020-22886 7.5 - High - July 13, 2021

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase CVE-2020-22885 7.5 - High - July 13, 2021

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c CVE-2020-24343 7.8 - High - August 13, 2020

An issue was discovered in Artifex MuJS 1.0.5 CVE-2019-12798 9.8 - Critical - June 13, 2019

An issue was discovered in Artifex MuJS 1.0.5 CVE-2019-11411 9.8 - Critical - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5 CVE-2019-11412 7.5 - High - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5 CVE-2019-11413 7.5 - High - April 22, 2019

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which CVE-2018-5759 5.5 - Medium - January 24, 2018

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow CVE-2018-6191 5.5 - Medium - January 24, 2018

Stay on top of Security Vulnerabilities

Artifex Vendor

Artifex MujsProduct

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2

CVE-2022-44789 8.8 - High - November 23, 2022

In Artifex MuJS through 1.2.0

CVE-2022-30975 5.5 - Medium - May 18, 2022

compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption

CVE-2022-30974 5.5 - Medium - May 18, 2022

Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow

CVE-2021-45005 9.8 - Critical - February 14, 2022

Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8

CVE-2020-22886 7.5 - High - July 13, 2021

Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase

CVE-2020-22885 7.5 - High - July 13, 2021

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c

CVE-2020-24343 7.8 - High - August 13, 2020

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-12798 9.8 - Critical - June 13, 2019

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11411 9.8 - Critical - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11412 7.5 - High - April 22, 2019

An issue was discovered in Artifex MuJS 1.0.5

CVE-2019-11413 7.5 - High - April 22, 2019

jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which

CVE-2018-5759 5.5 - Medium - January 24, 2018

The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow

CVE-2018-6191 5.5 - Medium - January 24, 2018

Artifex
Vendor

Artifex Mujs
Product