Headline
CVE-2022-44789: CVE-2022-44789/PublicReferenceURL.txt at main · alalng/CVE-2022-44789
A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.1 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.
> [Suggested description]
> A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through
> 1.3.1 allows an attacker to achieve Remote Code Execution through
> memory corruption, via the loading of a crafted
> JavaScript file.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Heap Memory Corruption
>
> ------------------------------------------
>
> [Vendor of Product]
> Artifex
>
> ------------------------------------------
>
> [Affected Product Code Base]
> MuJS - v1.0.0 - v1.3.1
>
> ------------------------------------------
>
> [Affected Component]
> mujs, mujs-pp, jsobject.c, O_getOwnPropertyDescriptor()
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Reference]
> https://artifex.com/products/mujs/
> https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f
>
> ------------------------------------------
>
> [Attack Vectors]
> Loading a malicious JavaScript file.
>
> ------------------------------------------
>
> [Discoverer]
> Alvin Ng
> https://github.com/alalng
Use CVE-2022-44789.
Related news
Gentoo Linux Security Advisory 202405-6 - Multiple vulnerabilities have been discovered in mujs, the worst of which could lead to remote code execution. Versions greater than or equal to 1.3.2 are affected.
Debian Linux Security Advisory 5291-1 - Multiple security issues were discovered in MuJS, a lightweight JavaScript interpreter, which could result in denial of service and potentially the execution of arbitrary code.