Skip to main content

Fedora CVE-2016-9108

HIGH
Integer Overflow or Wraparound (CWE-190)
2017-02-03 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 03, 2017 - 15:59 cve.org
HIGH 7.5

DescriptionCVE.org

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression.

AnalysisAI

Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. Integer overflow in the js_regcomp function in regexp.c in Artifex Software, Inc. MuJS before commit b6de34ac6d8bb7dd5461c57940acfbd3ee7fd93e allows attackers to cause a denial of service (application crash) via a crafted regular expression. Affected products include: Fedoraproject Fedora, Artifex Mujs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Mujs

View all
CVE-2016-7504 CRITICAL POC
9.8 Oct 29

A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. Rated critical severity (C

CVE-2016-7505 CRITICAL POC
9.8 Oct 29

A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. Rated critical severity (CVSS 9

CVE-2020-24343 HIGH POC
7.8 Aug 13

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. Rated high severi

CVE-2016-9109 HIGH POC
7.5 Jan 18

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape seq

CVE-2016-7506 HIGH POC
7.5 Oct 29

An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. Rated high seve

CVE-2016-9294 HIGH POC
7.5 Nov 12

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication req

CVE-2016-7563 HIGH POC
7.5 Jan 18

The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via

CVE-2016-7564 HIGH POC
7.5 Jan 18

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to caus

CVE-2016-9017 HIGH POC
7.5 Oct 28

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication req

CVE-2016-10141 CRITICAL
9.8 Jan 13

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. Rated criti

CVE-2016-10133 CRITICAL
9.8 Mar 24

Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. Rated critical severity

CVE-2019-12798 CRITICAL
9.8 Jun 13

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi

Share

CVE-2016-9108 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy