CVE-2022-44789

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Artifex MuJS versions 1.0.0 through 1.3.1

Description A logical issue in the O getOwnPropertyDescriptor() function allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Recommendations For Artifex MuJS versions 1.0.0 through 1.3.1, update to version 1.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the loading of external JavaScript files to minimize the risk of exploitation.

Exploit

Fix

RCE

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2022-44789

DSA-5291-1

OESA-2023-1137

OESA-2023-1138

ROSA-SA-2023-2261

Affected Products

Artifex Mujs

CVE-2022-44789

Weakness Enumeration

Related Identifiers

Affected Products

References · 21