Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HArtifex Mujs
APPArtifex1.0.1 – 1.1.1
Related vulnerabilities
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of s...
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList o...
An issue was discovered in Artifex MuJS 1.0.5. regcompx in regexp.c does not restrict regular expression progr...
An issue was discovered in Artifex MuJS 1.0.5. The Number#toFixed() and numtostr implementations in jsnumber.c...
Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows a...