Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.
References
Link | Resource |
---|---|
https://github.com/ccxvii/mujs/commit/833b6f1672b4f2991a63c4d05318f0b84ef4d550 | Patch |
https://github.com/ccxvii/mujs/issues/148 | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: fedora
Published: 2023-04-17T00:00:00
Updated: 2023-04-17T00:00:00
Reserved: 2021-06-02T00:00:00
Link: CVE-2021-33797
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-17T22:15:07.677
Modified: 2023-04-26T23:05:05.003
Link: CVE-2021-33797
JSON object: View
Redhat Information
No data.