CVE-2016-10133

EUVD-2016-1322
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
artifexmujs
*
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mujs
bookworm
1.3.2-1
fixed
bullseye
1.1.0-1+deb11u3
fixed
bullseye (security)
1.1.0-1+deb11u2
fixed
sid
1.3.5-1
fixed
trixie
1.3.5-1
fixed
Common Weakness Enumeration
References
http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=77ab465f1c394bb77f00966cd950650f3f53cb24
http://www.openwall.com/lists/oss-security/2017/01/12/9
http://www.openwall.com/lists/oss-security/2017/01/13/1
https://bugs.ghostscript.com/show_bug.cgi?id=697401
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3U5APFS3FEBOPXUJIFWBNU55PYR7ZBF/
http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=77ab465f1c394bb77f00966cd950650f3f53cb24
http://www.openwall.com/lists/oss-security/2017/01/12/9
http://www.openwall.com/lists/oss-security/2017/01/13/1
https://bugs.ghostscript.com/show_bug.cgi?id=697401
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3U5APFS3FEBOPXUJIFWBNU55PYR7ZBF/