
mujs: multiple vulnerabilities

Package(s): mujs
CVE #(s): CVE-2016-7504 CVE-2016-7505 CVE-2016-7506 CVE-2016-9017 CVE-2016-9108 CVE-2016-9109 CVE-2016-9294
Created: November 25, 2016
Updated: December 2, 2016
Description: From the Red Hat bugzilla entry for CVE-2016-7504, CVE-2016-7505, CVE-2016-7506, CVE-2016-9017, CVE-2016-9108, and CVE-2016-9109:

Mujs received multiple CVEs for security issues.

CVE-2016-9108: Integer overflow and crash parsing regex in mujs http://seclists.org/oss-sec/2016/q4/275

CVE-2016-9109: Incomplete fix for CVE-2016-7563 http://seclists.org/oss-sec/2016/q4/276

CVE-2016-7506: OOB read vulnerability in Sp_replace_regexp function http://bugs.ghostscript.com/show_bug.cgi?id=697141

CVE-2016-7505: Buffer overflow in divby function http://bugs.ghostscript.com/show_bug.cgi?id=697140

CVE-2016-7504: Use-after-free in Rp_toString function http://bugs.ghostscript.com/show_bug.cgi?id=697142

CVE-2016-9017: OOB read in jsC_dumpfunction function http://bugs.ghostscript.com/show_bug.cgi?id=697171

From the Red Hat bugzilla entry for CVE-2016-9294:

MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.

Alerts:
Fedora FEDORA-2016-2edfd75312 zathura-pdf-mupdf 2016-12-01
Fedora FEDORA-2016-2edfd75312 mujs 2016-12-01
Fedora FEDORA-2016-49a72fb9bd zathura-pdf-mupdf 2016-11-24
Fedora FEDORA-2016-4cf3e3f488 zathura-pdf-mupdf 2016-11-24
Fedora FEDORA-2016-49a72fb9bd mujs 2016-11-24
Fedora FEDORA-2016-4cf3e3f488 mujs 2016-11-24
