SB2022112905 - Denial of service in Artifex MuJS
Published: November 29, 2022
Security Bulletin ID
SB2022112905
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Uncontrolled Recursion (CVE-ID: CVE-2022-30974)
The vulnerability allows a remote attacker to perform a regular expression denial of service (DoS) attack.
The vulnerability exists due to unlimited recursion within the compile() function in regexp.cc. A remote attacker can pass a specially crafted string to the application and consume all available CPU resources on the system.2) NULL pointer dereference (CVE-ID: CVE-2022-30975)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the jsP_dumpsyntax() function in jsdump.c. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.