PT-2017-16630 · Artifex · Mujs

Op7Ic

Publicado

2017-01-30

Atualizado

2024-06-15

CVE-2017-5628

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artifex Software, Inc. MuJS versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a

Description An issue was discovered in the MakeDay function in jsdate.c, which does not validate the month. This leads to an integer overflow when parsing a specially crafted JS file.

Recommendations For versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a, consider updating to a version that includes the fix for the MakeDay function issue. As a temporary workaround, consider restricting the use of the MakeDay function until a patch is available.

Correção

Integer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190

Identificadores relacionados

CVE-2017-5628

OESA-2022-1976

OPENSUSE-SU-2024:11068-1

ROSA-SA-2023-2261

Produtos afetados

Mujs

PT-2017-16630 · Artifex · Mujs

CVE-2017-5628

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35