Vulnerability Details CVE-2016-9294
Artifex Software, Inc. MuJS before 5008105780c0b0182ea6eda83ad5598f225be3ee allows context-dependent attackers to conduct "denial of service (application crash)" attacks by using the "malformed labeled break/continue in JavaScript" approach, related to a "NULL pointer dereference" issue affecting the jscompile.c component.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://bugs.ghostscript.com/show_bug.cgi?id=697172
- http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=5008105780c0b0182ea6eda83ad5598f225be3ee
- http://www.securityfocus.com/bid/94293
- http://bugs.ghostscript.com/show_bug.cgi?id=697172
- http://git.ghostscript.com/?p=mujs.git%3Ba=commit%3Bh=5008105780c0b0182ea6eda83ad5598f225be3ee
- http://www.securityfocus.com/bid/94293
Products affected by CVE-2016-9294
-
cpe:2.3:a:artifex:mujs:-
-
cpe:2.3:a:artifex:mujs:1.0.0
-
cpe:2.3:a:artifex:mujs:1.0.1
-
cpe:2.3:a:artifex:mujs:1.0.2
-
cpe:2.3:a:artifex:mujs:1.0.3
-
cpe:2.3:a:artifex:mujs:1.0.4
-
cpe:2.3:a:artifex:mujs:1.0.5
-
cpe:2.3:a:artifex:mujs:1.0.6
-
cpe:2.3:a:artifex:mujs:1.0.7
-
cpe:2.3:a:artifex:mujs:1.0.8
-
cpe:2.3:a:artifex:mujs:1.0.9
-
cpe:2.3:a:artifex:mujs:1.1.0
-
cpe:2.3:a:artifex:mujs:1.1.1
-
cpe:2.3:a:artifex:mujs:1.1.2
-
cpe:2.3:a:artifex:mujs:1.1.3
-
cpe:2.3:a:artifex:mujs:1.2.0