PT-2016-7621 · Artifex · Mujs

Puzzor

Published

2016-10-28

Updated

2022-09-30

CVE-2016-9017

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Artifex Software, Inc. MuJS versions before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767

Description The issue allows context-dependent attackers to obtain sensitive information by using the "opname in crafted JavaScript file" approach, related to an "Out-of-Bounds read" issue affecting the jsC dumpfunction function in the jsdump.c component.

Recommendations For versions before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767, consider updating to a version that includes the fix for the "Out-of-Bounds read" issue in the jsC dumpfunction function. As a temporary workaround, consider restricting the use of crafted JavaScript files to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-125

Related Identifiers

CVE-2016-9017

OESA-2022-1976

Affected Products

Mujs

PT-2016-7621 · Artifex · Mujs

CVE-2016-9017

Weakness Enumeration

Related Identifiers

Affected Products

References · 15