CVE-2019-12798

EUVD-2019-4381
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression program size, leading to an overflow of the parsed syntax list size.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
Affected Products (NVD)
VendorProductVersion
artifexmujs
1.0.5
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mujs
bookworm
1.3.2-1
fixed
bullseye
1.1.0-1+deb11u3
fixed
bullseye (security)
1.1.0-1+deb11u2
fixed
sid
1.3.5-1
fixed
trixie
1.3.5-1
fixed
Common Weakness Enumeration
References
http://git.ghostscript.com/?p=mujs.git%3Bh=7f50591861525f76e3ec7a63392656ff8c030af9
http://www.securityfocus.com/bid/108774
http://git.ghostscript.com/?p=mujs.git%3Bh=7f50591861525f76e3ec7a63392656ff8c030af9
http://www.securityfocus.com/bid/108774