Your submission was sent successfully! Close

CVE-2022-44789

Published: 23 November 2022

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
mujs
Launchpad, Ubuntu, Debian
bionic Does not exist

focal Does not exist

jammy Needs triage

kinetic Needs triage

trusty Ignored
(out of standard support)
upstream
Released (1.3.2)
xenial Ignored
(out of standard support)
Patches:
upstream: https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f