Vulnerability Description
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Artifex | Mujs | All versions |
Related Weaknesses (CWE)
References
- http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=77ab465f1c394bb77f00966cd9
- http://www.openwall.com/lists/oss-security/2017/01/12/9 (Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2017/01/13/1 (Mailing List, Patch, Third Party Advisory)
- https://bugs.ghostscript.com/show_bug.cgi?id=697401 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2016-10133?
CVE-2016-10133 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments t...
How severe is CVE-2016-10133?
CVE-2016-10133 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-10133?
Check the references section above for vendor advisories and patch information. Affected products include: Artifex Mujs.