CVE-2022-44789

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-44789

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44789.json

Related

DSA-5291-1

Published

2022-11-23T21:15:11Z

Modified

2023-11-29T09:44:02.122885Z

Details

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

References

https://www.debian.org/security/2022/dsa-5291
https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f
https://github.com/ccxvii/mujs/releases/tag/1.3.2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO/

Affected packages

Git / github.com/ccxvii/mujs

Affected ranges

Type: GIT
Repo: https://github.com/ccxvii/mujs
Events: Fixed

edb50ad66f7601ca9a3544a0e9045e8a8c60561f

Introduced

f0ed0d0ba351c152e97ed91a4f77a91f50735dd9

Affected versions

1.*

1.0.0

1.0.1

1.0.2

1.0.3

1.0.4

1.0.5

1.0.6

1.0.7

1.0.8

1.0.9

1.1.0

1.1.1

1.1.2

1.1.3

1.2.0

1.3.0

1.3.1