CVE-2022-44789
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-44789
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-44789.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-44789
- Downstream
- Published
- 2022-11-23T21:15:11.167Z
- Modified
- 2025-11-20T12:10:49.448298Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO/
- https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt
- https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f
- https://github.com/ccxvii/mujs/releases/tag/1.3.2
- https://www.debian.org/security/2022/dsa-5291
Affected packages
Git / github.com/ccxvii/mujs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/ccxvii/mujs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.0.9
1.1.0
1.1.1
1.1.2
1.1.3
1.2.0
1.3.0
1.3.1
Database specific
vanir_signatures
[
{
"target": {
"file": "jsobject.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"127532750713086579597104907473752802939",
"170197178850052648600052941216328741952",
"303476143500930004900454391941152363061",
"238562944180740161427139278397908324190",
"173996455707106496856465404757068271544",
"126287992607723930836450123627895788971",
"110871837027283214187155930127574475312",
"229187959405291839326305511210100776258",
"78505002466543328042457030572387057441",
"102233340182532751828553162298302713093",
"174165662875786357286314422342624450670",
"195993686312649622378216943415084677933",
"164943121127706876273878864588189715561",
"223079940574500058853529615027714789996",
"19086601122030049686529747614172737651",
"124852115229025456821067965670583262944",
"330212892464514792111163447994714436783",
"252344249037203318259702648184538444914",
"311498147125440135239028338689708549727",
"199148378685154662213893533359046064618",
"246211966765327006225933452232145497640",
"70227407927331655286999329664234883724",
"162977155274635394272030526488467143486",
"182458591215978345232506013293729790698",
"283132504052264911717682548700048236791",
"45474889485798549436791833282137307450"
],
"threshold": 0.9
},
"source": "https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f",
"deprecated": false,
"id": "CVE-2022-44789-07b97043",
"signature_type": "Line"
},
{
"target": {
"function": "ToPropertyDescriptor",
"file": "jsobject.c"
},
"signature_version": "v1",
"digest": {
"length": 1185.0,
"function_hash": "219068713983348778596442449741635042144"
},
"source": "https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f",
"deprecated": false,
"id": "CVE-2022-44789-43b94a30",
"signature_type": "Function"
},
{
"target": {
"function": "O_getOwnPropertyDescriptor",
"file": "jsobject.c"
},
"signature_version": "v1",
"digest": {
"length": 956.0,
"function_hash": "131194664248511551156776151648730969875"
},
"source": "https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f",
"deprecated": false,
"id": "CVE-2022-44789-9d19f8c4",
"signature_type": "Function"
}
]