PT-2017-16630 · Artifex · Mujs

Op7Ic

Published

2017-01-30

Updated

2024-06-15

CVE-2017-5628

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artifex Software, Inc. MuJS versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a

Description An issue was discovered in the MakeDay function in jsdate.c, which does not validate the month. This leads to an integer overflow when parsing a specially crafted JS file.

Recommendations For versions prior to 8f62ea10a0af68e56d5c00720523ebcba13c2e6a, consider updating to a version that includes the fix for the MakeDay function issue. As a temporary workaround, consider restricting the use of the MakeDay function until a patch is available.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

CVE-2017-5628

OESA-2022-1976

OPENSUSE-SU-2024:11068-1

ROSA-SA-2023-2261

Affected Products

Mujs

PT-2017-16630 · Artifex · Mujs

CVE-2017-5628

Weakness Enumeration

Related Identifiers

Affected Products

References · 35