CVE-2019-11411 - An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in

CVE-2019-11411

Summary

An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c have a stack-based buffer overflow.

References

Vulnerable Configurations

cpe:2.3:a:artifex:mujs:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:artifex:mujs:1.0.5:*:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	108093
fedora	FEDORA-2020-496ab4615a FEDORA-2020-53773f4954 FEDORA-2020-f3d08b9b3a
gentoo	GLSA-202007-52
misc	http://www.ghostscript.com/cgi-bin/findgit.cgi?da632ca08f240590d2dec786722ed08486ce1be6 https://bugs.ghostscript.com/show_bug.cgi?id=700938 https://github.com/ccxvii/mujs/commit/da632ca08f240590d2dec786722ed08486ce1be6

Last major update

10-11-2020 - 03:15

Published

22-04-2019 - 11:29

Last modified

10-11-2020 - 03:15