Published: 24/01/2018 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

jsparse.c in Artifex MuJS up to and including 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote malicious users to cause a denial of service (excessive recursion) via a crafted file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
artifex mujs

# Exploit Title: DoS caused by the interactive call between two functions # Date: 2018-01-16 # Exploit Author: Andrea Sindoni - @invictus1306 # Vendor: Artifex (wwwartifexcom/) # Software Link: githubcom/ccxvii/mujs # Version: Mujs - 228719d087aa5e27dcd8627c4acf7273476bdbca # Tested on: Linux # CVE : CVE-2018-5759 Simple poc: # ...

Artifex MuJS suffers from a denial of service vulnerability ...

Public security advisories

Advisories Public security advisories CVE-2018-6191 - Artifex MuJS through 102 has an integer overflow because of incorrect exponent validation wwwexploit-dbcom/exploits/43903 CVE-2018-5759 - Artifex MuJS through 102 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via

CWE-674 https://bugs.ghostscript.com/show_bug.cgi?id=698868 https://www.exploit-db.com/exploits/43904/http://www.securityfocus.com/bid/102833 http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=4d45a96e57fbabf00a7378b337d0ddcace6f38c1 https://nvd.nist.gov https://github.com/invictus1306/advisories https://www.exploit-db.com/exploits/43904/

CVE-2018-5759

Vulnerability Summary

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect