CVE-2022-44789 — Vulnetix

CVE-2022-44789 PUBLISHED CVSS 8.800000190734863 HIGH

A logical issue in O_getOwnPropertyDescriptor() in Artifex MuJS 1.0.0 through 1.3.x before 1.3.2 allows an attacker to achieve Remote Code Execution through memory corruption, via the loading of a crafted JavaScript file.

EPSS 2.93% · 86.7th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

2.93%

86.7th percentile

Affected Products

Vendor	Product	Versions
fedoraproject	fedora	37
debian	debian_linux	11.0
n/a	n/a	*
artifex	mujs	1.0.0

Timeline

Nov 23, 2022 CVE Published
Nov 24, 2022 EPSS Score
Jan 5, 2023 EPSS Score
Jan 29, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 31, 2023 EPSS Score
Jun 24, 2023 EPSS Score
Aug 6, 2023 EPSS Score
Oct 30, 2023 EPSS Score
Dec 11, 2023 EPSS Score
Mar 5, 2024 EPSS Score
May 29, 2024 EPSS Score

References

https://github.com/ccxvii/mujs/commit/edb50ad66f7601ca9a3544a0e9045e8a8c60561f url
https://github.com/alalng/CVE-2022-44789/blob/main/PublicReferenceURL.txt url
https://github.com/ccxvii/mujs/releases/tag/1.3.2 url
DSA-5291 vendor-advisory
FEDORA-2022-c4b56e4400 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-44789 advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MC6PLHTXHZ7GW7QQGTLBHLXL47UHTHXO url

Open in Interactive Console →