Skip to main content

Mujs CVE-2016-9109

HIGH
Out-of-bounds Read (CWE-125)
2017-01-18 cve@mitre.org
7.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jan 18, 2017 - 17:59 cve.org
HIGH 7.5

DescriptionCVE.org

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563.

AnalysisAI

Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Artifex Software MuJS allows attackers to cause a denial of service (crash) via vectors related to incomplete escape sequences. NOTE: this vulnerability exists due to an incomplete fix for CVE-2016-7563. Affected products include: Artifex Mujs.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Mujs

View all
CVE-2016-7504 CRITICAL POC
9.8 Oct 29

A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. Rated critical severity (C

CVE-2016-7505 CRITICAL POC
9.8 Oct 29

A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. Rated critical severity (CVSS 9

CVE-2020-24343 HIGH POC
7.8 Aug 13

Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. Rated high severi

CVE-2016-7506 HIGH POC
7.5 Oct 29

An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. Rated high seve

CVE-2016-9294 HIGH POC
7.5 Nov 12

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication req

CVE-2016-7563 HIGH POC
7.5 Jan 18

The chartorune function in Artifex Software MuJS allows attackers to cause a denial of service (out-of-bounds read) via

CVE-2016-7564 HIGH POC
7.5 Jan 18

Heap-based buffer overflow in the Fp_toString function in jsfunction.c in Artifex Software MuJS allows attackers to caus

CVE-2016-9017 HIGH POC
7.5 Oct 28

Artifex Software, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication req

CVE-2016-10141 CRITICAL
9.8 Jan 13

An integer overflow vulnerability was observed in the regemit function in regexp.c in Artifex Software, Inc. Rated criti

CVE-2016-10133 CRITICAL
9.8 Mar 24

Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. Rated critical severity

CVE-2019-12798 CRITICAL
9.8 Jun 13

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi

CVE-2019-11411 CRITICAL
9.8 Apr 22

An issue was discovered in Artifex MuJS 1.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploi

Share

CVE-2016-9109 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy