CVE-2022-30975 — Vulnetix

CVE-2022-30975 PUBLISHED CVSS 5.5 MEDIUM

In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.

EPSS 0.09% · 26.2th percentile

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS Score

0.09%

26.2th percentile

Affected Products

Vendor	Product	Versions
debian	debian_linux	11.0
n/a	n/a	n/a
artifex	mujs	0
fedoraproject	fedora	37

Timeline

May 18, 2022 CVE Published
May 18, 2022 EPSS Score
Jul 6, 2022 EPSS Score
Aug 25, 2022 EPSS Score
Oct 13, 2022 EPSS Score
Dec 1, 2022 EPSS Score
Jan 19, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 9, 2023 EPSS Score
Apr 27, 2023 EPSS Score
Jun 15, 2023 EPSS Score
Aug 3, 2023 EPSS Score

References

https://github.com/ccxvii/mujs/issues/161 url
DSA-5291 vendor-advisory
FEDORA-2022-c4b56e4400 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-30975 advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO url

Open in Interactive Console →

$ Console Community · 100/wk Open console ›